This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Java Security Frameworks"
From OWASP
m |
(→Additional Java Security Libraries) |
||
| Line 34: | Line 34: | ||
|- | |- | ||
! scope="col" | Name and link<br> | ! scope="col" | Name and link<br> | ||
| − | |||
! scope="col" | AU<br> | ! scope="col" | AU<br> | ||
! scope="col" | AC<br> | ! scope="col" | AC<br> | ||
| Line 46: | Line 45: | ||
|- | |- | ||
| [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project AntiSamy]<br> | | [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project AntiSamy]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| Line 58: | Line 56: | ||
|- | |- | ||
| [http://santuario.apache.org/ Apache Santuarrio]<br> | | [http://santuario.apache.org/ Apache Santuarrio]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| Line 70: | Line 67: | ||
|- | |- | ||
| [http://shiro.apache.org/ Apache Shiro]<br> | | [http://shiro.apache.org/ Apache Shiro]<br> | ||
| − | |||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| Line 82: | Line 78: | ||
|- | |- | ||
| [http://www.bouncycastle.org/ Bouncy Castle]<br> | | [http://www.bouncycastle.org/ Bouncy Castle]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| Line 94: | Line 89: | ||
|- | |- | ||
| [http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project CSRFGuard]<br> | | [http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project CSRFGuard]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| Line 106: | Line 100: | ||
|- | |- | ||
| [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI]<br> | | [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API ESAPI]<br> | ||
| − | |||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| Line 118: | Line 111: | ||
|- | |- | ||
| [http://www.jasypt.org/ Jasypt]<br> | | [http://www.jasypt.org/ Jasypt]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| Line 130: | Line 122: | ||
|- | |- | ||
| [http://sourceforge.net/projects/jguard/ iGuard]<br> | | [http://sourceforge.net/projects/jguard/ iGuard]<br> | ||
| − | |||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| Line 142: | Line 133: | ||
|- | |- | ||
| [http://oaccframework.org/ OACC]<br> | | [http://oaccframework.org/ OACC]<br> | ||
| − | |||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| align="center" | Y<br> | | align="center" | Y<br> | ||
| Line 154: | Line 144: | ||
|- | |- | ||
| [http://www.sapia-oss.org/projects/vlad/ Vlad]<br> | | [http://www.sapia-oss.org/projects/vlad/ Vlad]<br> | ||
| − | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
Revision as of 19:25, 15 March 2015
A list of third party (i.e. not part of Java SE or EE) security frameworks. This page contains a list of Java security libraries and frameworks and indicates which security features each library supports.
Key Security Features
- Authentication (AU)
- Authorization / Access Control (AC)
- CSRF Defense (CF)
- Cryptography (CR)
- Input Validation (IV)
- Output Encoding (OE)
- XSS protection (XS)
- XML Security (XML)
Access Control (Authentication and Authorization)
- jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.
- OACC - OACC is an application security framework for Java designed for fine grained (object level) access control. OACC uses the abstraction of a resource for the application objects being secured. This key abstraction enables OACC to provide a rich API that includes grant, revoke and query capabilities for storing and managing the application's security relationships.
Encryption
- Bouncycastle - Lightweight Java cryptography APIs
- Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.
Cross Site Scripting (XSS)
- OWASP Java Encoder Project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
- OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
- OWASP Java JSON Sanitizer is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline
Enterprise
- OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
- HDIV A web application security framework that provides a number of functions.
Additional Java Security Libraries
| Name and link |
AU |
AC |
CF |
CR |
IV |
OE |
SM |
XM |
XS |
|---|---|---|---|---|---|---|---|---|---|
| AntiSamy |
|
|
|
|
Y |
Y |
|
|
|
| Apache Santuarrio |
|
|
|
|
|
|
|
Y |
|
| Apache Shiro |
Y |
Y |
? |
Y |
? |
Y |
Y |
? |
Y |
| Bouncy Castle |
|
|
|
Y |
|
|
|
|
|
| CSRFGuard |
|
|
Y |
Y |
|
|
|
|
|
| ESAPI |
Y |
Y |
? |
Y |
Y |
Y |
? |
|
Y |
| Jasypt |
|
|
|
Y |
|
|
|
|
|
| iGuard |
Y |
Y |
|
|
|
|
|
|
|
| OACC |
Y |
Y |
|
Y |
Y |
|
? |
|
|
| Vlad |
|
|
|
|
Y |
|
|
|
|
