Open Source JSP Security Software

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

Cyberoam iView; the Intelligent Logging & Reporting solution provides organizations network visibility across multiple devices to achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance. To know more about Cyberoam and it’s security solutions visit us at www.cyberoam.com.

This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM file: -------------------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download Credentials for the VM: ------------------------ Username: root Password: cspf Stand-alone file: (Run the Jar file directly) -------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download

FOAFRealm (also called D-FOAF in version 2.0) is a distributed user profile management system based on FOAF. FOAFRealm is a set of tools that enables to manipulate FOAF (Friend-of-a-Friend) information within J2EE application and provides Realm implement

This project provides a jCryption 2.0 implementation for Java (http://www.jcryption.org/).

AmavisAdmin is a tool to maintain SPAMs, Viruses and blocked mails written to an SQL database by Amavisd-new. Mails can be removed automatically or manually, or they can be released to be send to the recipients.

The purpose of this project is to demonstrate Information Card interoperability on heterogeneous platforms written using Java language to support Apache Tomcat, JBoss & SUN Application Server platforms running on Linux.

JSSF - Java Server Security Faces it's framework for security layer. With JSP tags and pages/resource access control. Support MyFaces and Sun RI JSF

The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd

Odyssi PKI aims to be a complete PKI suite written in Java, and designed from the ground up with security in mind. When completed, it will be fully standards compliant with PKIX, XKMS, OCSP, and other PKI standards.

Open eSign allows software developers and technical parties in a company to create secure, online (web-based) forms and documents that follow a business process flow and enable legally recognized electronic signatures using digital signature technology.

“Instead of remembering a sequence of characters as the secret, users have to remember a shape as the secret.”

SQLPrevent, implemented in J2EE, is an effective and efficient tool for detecting and preventing known as well as unseen SQL injection attacks without efforts from web developers.

SecurityPrivacy is an open source software to let italian companies build DPSS and moduls needed for D. Lgs. 196/2003

Web-based SiteMinder admin web application that works remotely from the Policy Server. Two versions available which is struts and dwr(ajax) based. Great for integration into other web admins.

ABouncer for Spring Security provides a convenient and robust web interface for managing Users, User Groups, Authorities, ACL lists and more

The Titan Firewall is an interface Web to manage firewall based on Linux with iptables. It supports filtrate of packages, NAT, logs, VPN's... Implemented in Java and jsp.

An easy to use client and verifier for WebID IDPs

Il Wifi-Gateway è un captive portal che permette l'accesso al network mediante vari metodi di autenticazione quali: CRS/CNS via IdPC, One-Time Password, Radius server, SMS ( tramite Skebby ). Il sistema è basato su CAS, NoCat e NoCatCAS.

The purpose of eAudit is to provide a comprehensive reporting capability relating to Electronic Auditing for various industries.

Free Version - Krytponite Free provides 2048 bit encryption on any type of file as text, pdf, mp3, etc. This implementation is platform independent and uses an apache-tomcat server, and runs all computers (Linux, PC, and Mac).

A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Visit WAVSEP homepage to learn more: https://code.google.com/p/wavsep/ The project includes the following test cases: Path Traversal/LFI: 816 test cases (GET & POST) Remote File Inclusion (XSS via RFI): 108 test cases (GET & POST) Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST) Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST) Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST) Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)