This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Java Security Frameworks"

From OWASP
Jump to: navigation, search
(Encryption)
m (Cross Site Scripting (XSS))
Line 14: Line 14:
 
== Cross Site Scripting (XSS) ==
 
== Cross Site Scripting (XSS) ==
 
* [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Java Encoder Project] is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
 
* [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Java Encoder Project] is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
* The [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project OWASP Java HTML Sanitizer Project] is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
+
* [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project OWASP Java HTML Sanitizer Project] is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
* The [https://www.owasp.org/index.php/OWASP_JSON_Sanitizer OWASP Java JSON Sanitizer] is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline
+
* [https://www.owasp.org/index.php/OWASP_JSON_Sanitizer OWASP Java JSON Sanitizer] is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline
  
 
== Additional Java Security Libraries  ==
 
== Additional Java Security Libraries  ==

Revision as of 00:09, 3 September 2014

A list of third party (i.e. not part of Java SE or EE) security frameworks. This page contains a list of Java security libraries and frameworks and indicates which security features each library supports.

Enterprise

  • OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
  • HDIV A web application security framework that provides a number of functions.

Access Control (Authentication and Authorisation)

  • jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.

Encryption

  • Bouncycastle - Lightweight Java cryptography APIs
  • Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Cross Site Scripting (XSS)

  • OWASP Java Encoder Project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
  • OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
  • OWASP Java JSON Sanitizer is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline

Additional Java Security Libraries

Name and link
Updated
AU
AC
CF
CR
IV
OE
SM
XM
XS
AntiSami
2011




 Y
Y



Apache Santuarrio
2011







 Y

Apache Shiro
2011
Y
Y
 ?
Y
 ?
Y
Y
 ?
Y
Bouncy Castle
2011



Y





CSRFGuard
 ?


Y
Y





ESAPI
2010
Y
Y
 ?
Y
Y
Y
 ?

Y
Jasypt
2010



Y





iGuard
2011
Y
Y







Vlad
 ?




Y





Security Features Key

  • AU Authentication
  • AC Authorization / Access Control
  • CF Anti CSRF
  • CR Cryptography
  • IV Input Validation
  • OE Output encoding
  • SM Session management
  • XM XML security
  • XS XSS protection