Difference between revisions of "Java Security Frameworks"

(XML Security)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
A list of third-party (i.e. not part of Java SE or EE) security frameworks. This page lists Java security libraries and frameworks and indicates which security features each library supports.
+
This page has been moved to https://www.owasp.org/index.php/Category:Java#tab=Related_3rd_Party_Projects.
 
 
== Key Security Features  ==
 
 
 
*Authentication (AU)
 
*Authorization / Access Control (AC)
 
*CSRF Defense (CF)
 
*Cryptography (CR)
 
*Input Validation (IV)
 
*Output Encoding (OE)
 
*XSS protection (XS)
 
*XML Security (XML)
 
 
 
==Enterprise==
 
* [http://shiro.apache.org/ Apache Shiro] is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
 
* [[ESAPI|OWASP Enterprise Security API]] is a new OWASP project to provide all essential security services under one roof.
 
* [http://www.hdiv.org/ HDIV] is a web application security framework that provides a number of functions.
 
 
 
== Access Control (Authentication and Authorization) ==
 
* [http://sourceforge.net/projects/jguard jGuard] - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Service). The framework is written for web and standalone applications, to easily provide solutions for access control problems.
 
* [http://oaccframework.org/ OACC] - OACC is an application security framework for Java designed for fine grained (object level) access control. OACC uses the abstraction of a ''resource'' for the application objects being secured. This key abstraction enables OACC to provide a rich API that includes grant, revoke and query capabilities for storing and managing the application's security relationships.
 
 
 
== Encryption ==
 
* [https://github.com/google/keyczar Keyczar] is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.
 
* [http://www.bouncycastle.org/ Bouncycastle] - Lightweight Java cryptography API ''provider''.
 
* [http://www.jasypt.org/ Jasypt] - Jasypt is a Java library which allows developers to add basic encryption capabilities to their projects with minimum effort, and without needing deep knowledge of how cryptography works.
 
 
 
== Cross Site Scripting (XSS) ==
 
* [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Java Encoder Project] is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
 
* [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project OWASP Java HTML Sanitizer Project] is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
 
* [https://www.owasp.org/index.php/OWASP_JSON_Sanitizer OWASP Java JSON Sanitizer] is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline
 
* [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP AntiSamy] is a library for HTML and CSS encoding.
 
 
 
== XML Security ==
 
* The [http://santuario.apache.org/ Apache Santuario] project is aimed at providing implementation of the primary security standards for XML: XML-Signature Syntax and Processing and XML Encryption Syntax and Processing.
 
 
 
== CSRF Defense ==
 
* The [https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project CSRF Project] is a CSRF defense library that is integrated through the use of a JavaEE Filter and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML.
 
 
 
== Additional Java Security Libraries  ==
 
 
 
{| border="1" align="center" width="80%" cellspacing="1" cellpadding="1"
 
|-
 
! scope="col" | Name and link<br>
 
! scope="col" | AU<br>
 
! scope="col" | AC<br>
 
! scope="col" | CF<br>
 
! scope="col" | CR<br>
 
! scope="col" | IV<br>
 
! scope="col" | OE<br>
 
! scope="col" | XML<br>
 
! scope="col" | XS<br>
 
|-
 
| [http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project AntiSamy]<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
|-
 
| [http://santuario.apache.org/ Apache Santuario]<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
|-
 
| [http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project CSRFGuard]<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
|-
 
| [http://sourceforge.net/projects/jguard/ jGuard]<br>
 
| align="center" | Y<br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
|-
 
| [http://oaccframework.org/ OACC]<br>
 
| align="center" | Y<br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
|-
 
| [http://www.sapia-oss.org/projects/vlad/ Vlad]<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | Y<br>
 
| align="center" | <br>
 
| align="center" | <br>
 
| align="center" | <br>
 
|}
 
 
 
<br>
 
 
 
[[Category:OWASP_Java_Project]]
 

Latest revision as of 17:05, 22 February 2016

This page has been moved to https://www.owasp.org/index.php/Category:Java#tab=Related_3rd_Party_Projects.