java-security

Jar Analyzer - 一个JAR包分析工具，批量分析，SCA漏洞分析，方法调用关系搜索，字符串搜索，Spring组件分析，信息泄露检查，CFG程序分析，JVM栈帧分析，进阶表达式搜索，字节码指令级的动态调试分析，反编译JAR包一键导出，一键提取序列化数据恶意代码，一键分析BCEL字节码

打造最强的Java安全研究与安全开发面试题库，包含问题和详细的答案，帮助师傅们找到满意的工作

🔍 CodeAuditAssistant - IDEA代码审计插件（公测中） ⚡ 精准追踪复杂调用链 | 🚀 毫秒级方法搜索 | 🔥 内置高危漏洞检测 原生集成 | 反编译/路径分析 | 内存优化 | 安全审计利器 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sinks Native Integration | Decompiler/Path Finder | Memory Optimized

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with the technology stacks of Servlet&filter, Spring,struts,Dubbo,Thrift, jax-rs,jax-ws,JFinal,Netty,MyBatis,and JSP.

Java web and command line applications demonstrating various security topics

Java-Web-Security - Sichere Webanwendungen mit Java entwickeln

使用JNI加密字节码，通过JVMTI解密字节码以保护代码，支持自定义包名和密钥，使用魔法禁止黑客dump字节码

基于 RBAC 模型功能全面的 Shiro 安全集成&简化&扩展组件。Shiro integration & simplifies & Extension component based RBAC

Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.

An ongoing collection of java language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources.

An ongoing curated list of frameworks, books, articles, talks, screencasts, recordings, libraries, learning tutorials and resources about Java Development.

Fast and powerful cryptographic functions thanks to javax.crypto and CommonCrypto.

Application Intrusion Detection projects

Sample web app to demo end-to-end security w/ JavaEE, Spring Security and RBAC fine-grained authorization. All connections use SSL.

TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.

一个为广大安全人员整合的知识框架，目前会涉及到Web安全、Java安全研究、红蓝对抗、应急响应、APP、SRC、CTF等。

Sample Apache Wicket web app to demo basic java EE security and RBAC with Apache Fortress

SpringJWT is a simple project designed to help users understand JWT implementation with Spring Security, including the use of bearer tokens for secure authentication.

A PGP end-to-end encrypted generic email client developed for Smart India Hackathon.

Tutorial on RBAC role engineering practice using Apache Fortress as the security system inside a sample Apache Wicket Java Web app. Based on this article: http://iamfortress.net/2015/03/05/the-seven-steps-of-role-engineering/