This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Java Security Frameworks

From OWASP
Revision as of 19:29, 15 March 2015 by Jmanico (talk | contribs) (Additional Java Security Libraries)

Jump to: navigation, search

A list of third party (i.e. not part of Java SE or EE) security frameworks. This page contains a list of Java security libraries and frameworks and indicates which security features each library supports.

Key Security Features

  • Authentication (AU)
  • Authorization / Access Control (AC)
  • CSRF Defense (CF)
  • Cryptography (CR)
  • Input Validation (IV)
  • Output Encoding (OE)
  • XSS protection (XS)
  • XML Security (XML)

Access Control (Authentication and Authorization)

  • jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.
  • OACC - OACC is an application security framework for Java designed for fine grained (object level) access control. OACC uses the abstraction of a resource for the application objects being secured. This key abstraction enables OACC to provide a rich API that includes grant, revoke and query capabilities for storing and managing the application's security relationships.

Encryption

  • Bouncycastle - Lightweight Java cryptography APIs
  • Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Cross Site Scripting (XSS)

  • OWASP Java Encoder Project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
  • OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
  • OWASP Java JSON Sanitizer is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline

Enterprise

  • Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
  • OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
  • HDIV A web application security framework that provides a number of functions.

Additional Java Security Libraries

Name and link
AU
AC
CF
CR
IV
OE
XM
XS
AntiSamy




 Y
Y

Y
Apache Santuarrio






 Y

CSRFGuard


Y
Y




Jasypt



Y




iGuard
Y
Y






OACC
Y
Y

Y
Y



Vlad




Y