README.md
20 additions & 20 deletions
@@ -15,63 +15,63 @@ Projects containing a Dockerfile can be launched via `docker run -d -i -p 8080:8
15
15
image has been created. The other web applications either contain an embedded **Tomcat7 Maven plugin** which can be
16
16
started via **mvn tomcat7:run-war** or an embedded **Jetty Maven plugin** which can be started via **mvn jetty:run-war**.
17
17
18
-
##access-control-spring-security
18
+
##access-control-spring-security
19
19
Access control demo project utilizing [Spring Security](http://projects.spring.io/spring-security) in a Spring Boot application. Shows how to safely load user data from a database without using potentially faked frontend values. After launching, open the web application in your browser at **http://localhost:8080**.
20
20
21
-
##crypto-spring
21
+
##crypto-spring
22
22
Crypto demo project based on Spring Boot using [Jasypt](http://www.jasypt.org) and [jasypt-spring-boot](https://github.com/ulisesbocchio/jasypt-spring-boot) to secure [Spring](http://spring.io) configuration (property) files. Requires a system property (environment variable) **jasypt.encryptor.password** with the value **spring-jasypt** present on startup. After launching, open the web application in your browser at **http://localhost:8080**.
23
23
24
-
##csp-spring-security
24
+
##csp-spring-security
25
25
Spring Boot based web application using a Content Security Policy (CSP) header. After launching, open the web application in your browser at **http://localhost:8080**.
26
26
27
-
##csrf-spring-security
27
+
##csrf-spring-security
28
28
Cross-Site Request Forgery (CSRF) demo project based on Spring Boot preventing CSRF in a web application by utilizing [Spring Security](http://projects.spring.io/spring-security). After launching, open the web application in your browser at **http://localhost:8080**.
29
29
30
-
##csrf
30
+
##csrf
31
31
Cross-Site Request Forgery (CSRF) demo project preventing CSRF in a JavaServer Pages (JSP) web application. Sample code is based on the [Enterprise Security API (ESAPI)](https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API). After launching, open the web application in your browser at **http://localhost:8080/csrf**.
32
32
33
-
##direct-object-references
33
+
##direct-object-references
34
34
Direct object references (and indirect object references) demo project using Spring Boot. Sample code is based on the [Enterprise Security API (ESAPI)](https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API). After launching, open the web application in your browser at **http://localhost:8080**.
35
35
36
-
##intercept-me
36
+
##intercept-me
37
37
Spring Boot based web application to experiment with [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) as intercepting proxy. Target is to receive **SUCCESS** from the backend. After launching, open the web application in your browser at **http://localhost:8080**.
38
38
39
-
##security-header
39
+
##security-header
40
40
Security response header demo project which applies **X-Content-Type-Options**, **Cache-Control**, **X-Frame-Options**, **HTTP Strict Transport Security (HSTS)**, **X-XSS-Protection** and **Content Security Policy (CSP)** (Level 1 and 2) headers to HTTP responses. After launching, open the web application in your browser at **http://localhost:8080/security-header** or **https://localhost:8443/security-header**.
41
41
42
-
##security-logging
42
+
##security-logging
43
43
Security logging demo project based on the [OWASP Security Logging Project](https://www.owasp.org/index.php/OWASP_Security_Logging_Project). After launching, open the web application in your browser at **http://localhost:8080/security-logging**.
44
44
45
-
##session-handling-spring-security
45
+
##session-handling-spring-security
46
46
Session handling demo project based on Spring Boot utilizing [Spring Security](http://projects.spring.io/spring-security). Shows how to restrict access to resources (URLs), how to apply method level security and how to securely store and verify passwords. Uses Spring Security for all security related functionality. After launching, open the web application in your browser at **http://localhost:8080**.
47
47
48
-
##session-handling
48
+
##session-handling
49
49
Session handling demo project using plain Java. Uses plain Java to create and update the session id after logging in. Requires a web server with Servlet 3.1 support. After launching, open the web application in your browser at **http://localhost:8080/session-handling**.
50
50
51
-
##sql-injection
51
+
##sql-injection
52
52
Spring Boot based web application to experiment with normal (vulnerable) statements, statements with escaped input, and prepared statements. After launching, open the web application in your browser at **http://localhost:8080**.
53
53
54
-
##sso-with-github
54
+
##sso-with-github
55
55
Contains a Spring Boot demo application with GitHub login. Requires to setup an application in your GitHub account and to provide `github.client.clientId` and `github.client.clientSecret` as runtime parameters. After launching, open the web application in your browser at **http://localhost:8080**.
56
56
57
-
##xss
57
+
##xss
58
58
Cross-Site Scripting (XSS) demo project preventing XSS in a JavaServer Pages (JSP) web application by utilizing input validation, output escaping with [OWASP Java Encoder](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project) and the [Content Security Policy (CSP)](http://www.w3.org/TR/CSP). After launching, open the web application in your browser at **http://localhost:8080/xss**.
59
59
60
-
#Command Line Applications in Detail
60
+
#Command Line Applications in Detail
61
61
All projects contain **main** methods to get started.
62
62
63
-
##crypto-hash
63
+
##crypto-hash
64
64
Crypto demo project using Java to hash passwords with different hashing algorithms. All classes contain **main** methods to execute the samples.
65
65
66
-
##crypto-java
66
+
##crypto-java
67
67
Crypto demo project using plain Java to encrypt and decrypt data with asymmetric (RSA) and symmetric (AES) keys as well as to sign and verify data (DSA). All classes contain **main** methods to execute the samples.
68
68
69
-
##crypto-keyczar
69
+
##crypto-keyczar
70
70
Crypto demo project using [Keyczar](http://www.keyczar.org) to encrypt and decrypt data with asymmetric (RSA) and symmetric (AES) keys as well as to sign and verify data (DSA). All classes contain **main** methods to execute the samples.
71
71
72
-
##crypto-shiro
72
+
##crypto-shiro
73
73
Crypto demo project using [Apache Shiro](http://shiro.apache.org) to encrypt and decrypt data with symmetric (AES) keys as well as hash data (passwords). All classes contain **main** methods to execute the samples.
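Review bot: Every removed/added heading pair in this hunk reads identically as shown (for example `##crypto-hash` on both the `-` and `+` side, and likewise `#Command Line Applications in Detail`), so the diff does not reveal what the 20 changed lines actually alter; if this is a whitespace or line-ending change, say so in the commit message so the intent can be checked. If the goal is to make the headings render, note that CommonMark-based renderers require a space after the `#` characters, so the added lines should read `## crypto-hash` and `# Command Line Applications in Detail`; as written here they would be displayed as literal text rather than section headings, which makes the per-project launch instructions harder to navigate.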