This repository gives you the knowledge and resources to build secure and resilient web applications.

Secure Coding: Security Libraries for Web Development

This repository contains a curated list of security libraries for various programming languages commonly used in web application and API development.

Golang

  • authelia: Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests.
  • casbin: An authorization library that supports access control models like ACL, RBAC, and ABAC.
  • caswaf: HTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity.
  • coraza: OWASP Coraza WAF is a Golang, ModSecurity-compatible web application firewall library.
  • crypto: Standard cryptographic functions for Go.
  • go-password-validator: Validate the Strength of a Password in Go.
  • gorilla/csrf: An HTTP middleware library that provides cross-site request forgery (CSRF) protection.
  • jwt-go: JSON Web Tokens (JWT) implementation for Go.
  • secure: HTTP middleware for Go that facilitates some quick security wins.

Java

  • apache shiro: A versatile security framework for Java applications, providing authentication, authorization, cryptography, and session management.
  • bouncy castle: A cryptographic library for Java that provides APIs for various cryptographic operations.
  • owasp java html sanitizer: A library to help prevent Cross-Site Scripting (XSS) attacks.
  • spring security: A powerful and highly customizable authentication and access control framework for Java applications.

Node.js

  • bcrypt: A library for hashing passwords in Node.js applications.
  • Helmet: A collection of middleware to help secure Express apps by setting various HTTP headers.
  • jsonwebtoken: JSON Web Token (JWT) implementation for Node.js.
  • node-rate-limiter-flexible: Counts and limits the number of actions by key and protects against DDoS and brute-force attacks at any scale.
  • passport: Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application.
  • validator: A library of string validators and sanitizers.

PHP

  • HTML Purifier: HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
  • Laravel Sanctum: A simple package for API token authentication in Laravel PHP applications.
  • League/OAuth2-Server: A standards-compliant implementation of an OAuth 2.0 authorization server written in PHP, which makes working with OAuth 2.0 trivial.
  • paragonie/random_compat: A compatibility library providing random_bytes() and random_int() for older PHP versions.
  • Parsedown: Parsedown is capable of escaping user-input within the HTML that it generates.
  • PHP Encryption: A PHP Secure Communications Library providing basic RSA, DSA, and SSH-2 functionality.
  • Security Component - Core: Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
  • Security Component - CSRF: The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.
  • Security Component - Guard: The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

.NET

  • ASP.NET Core Identity: A membership system for building secure ASP.NET Core web applications, providing user authentication, authorization, and account management.
  • Microsoft.AspNetCore.DataProtection: Data protection APIs for protecting and unprotecting data.
  • NWebsec: Helps you set important security headers and detect potentially dangerous redirects.
  • System.Security.Cryptography: Provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication.

Ruby

  • Devise: A flexible authentication solution for Ruby on Rails.
  • sinatra/rack-protection: Middleware for protecting against common web attacks (XSS, CSRF, clickjacking, directory traversal, session hijacking and IP spoofing).
  • nokogiri: Securely parses HTML and XML.
  • bcrypt: A library for hashing passwords securely using the bcrypt algorithm in Ruby.

Python

  • OWASP Python Security Project: A collection of Python security-related tools and libraries.
  • django-allauth: A Django authentication library providing support for various authentication methods, including social authentication.
  • cryptography: A Python library providing cryptographic recipes and primitives.
