├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── 01-PRACTICE-Security-Design-Principles.md ├── 02-PRACTICE-Authentication-and-Authorization.md ├── 03-PRACTICE-API-and-Microservices-Security.md ├── 04-PRACTICE-Topmost-Common-Attacks.md ├── 05-PRACTICE-Java-Process-Security.md ├── 06-PRACTICE-Security-Testing.md ├── 99-PRACTICE-Security-General-Quiz.md ├── Dockerfile-zap ├── README.md ├── assets ├── diagrams │ ├── software-architecture-diagram-authn-authz.svg │ └── software-architecture-diagram.svg └── images │ ├── hedgehog_logo_1280.png │ ├── hedgehog_logo_1920.png │ ├── hedgehog_logo_200.png │ ├── hedgehog_logo_3000.png │ ├── hedgehog_logo_320.png │ └── hedgehog_logo_640.png ├── bootstrap-keycloak.sh ├── bootstrap-pizza-application.sh ├── bootstrap-webgoat.sh ├── docker-compose-keycloak.yml ├── docker-compose-pizza-application.yml ├── docker-compose-webgoat.yml ├── docs ├── api-web-application-security-for-java-developers.md ├── core-application-security-for-java-developers.md ├── images │ ├── api_and_microservices_security.svg │ ├── authentication_and_authorization.svg │ ├── cors_headers.svg │ ├── cors_headers_preflight.svg │ ├── cors_headers_preflight_sequence_diagram.svg │ ├── cors_headers_use_case.svg │ ├── csp_headers.svg │ ├── jwks.svg │ ├── referrer_policy_header.svg │ ├── remote_code_execution.svg │ ├── secure_configuration_and_secrets_management.svg │ ├── security_testing.svg │ ├── strict_transport_security_header.svg │ ├── token_introspection.svg │ ├── x_content_type_options_header.svg │ ├── x_frame_options_header.svg │ └── x_xss_protection_header.svg └── security-application-testing-for-java-developers.md ├── encryption-decryption ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── encryption │ │ └── decryption │ │ ├── asymetric │ │ ├── DigitalSignatureVerifier.java │ │ └── MessageEncryptDecrypt.java │ │ ├── hashing │ │ ├── HmacMessageAuthenticator.java │ │ ├── MessageHashing.java │ │ └── PasswordHashing.java │ │ └── symetric │ │ ├── FileDecryption.java │ │ └── FileEncryption.java │ └── resources │ └── confidential_file.txt ├── keycloak-init.sh ├── license ├── LICENSE ├── LICENSE-HEADER-JAVA └── LICENSE-HEADER-SHELL ├── mvnw ├── mvnw.cmd ├── owasp └── project-suppressions.xml ├── pizza-cooking-api ├── pom.xml └── src │ └── main │ └── resources │ └── service-api.yaml ├── pizza-cooking-service ├── .dockerignore ├── Dockerfile.svc ├── build-docker.sh ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── pizza │ │ └── cooking │ │ └── service │ │ ├── Application.java │ │ ├── client │ │ └── DeliveryClient.java │ │ ├── config │ │ └── MapperConfig.java │ │ ├── controller │ │ └── CookingController.java │ │ ├── mapper │ │ └── PizzaDeliveryOrderDtoMapper.java │ │ └── service │ │ └── CookingService.java │ └── resources │ ├── application-dockerlocal.properties │ ├── application.properties │ └── logback.xml ├── pizza-delivery-api ├── pom.xml └── src │ └── main │ └── resources │ └── service-api.yaml ├── pizza-delivery-service ├── .dockerignore ├── Dockerfile.svc ├── build-docker.sh ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── pizza │ │ └── delivery │ │ └── service │ │ ├── Application.java │ │ ├── client │ │ └── OrderClient.java │ │ ├── controller │ │ └── DeliveryController.java │ │ └── service │ │ └── DeliveryService.java │ └── resources │ ├── application-dockerlocal.properties │ ├── application.properties │ └── logback.xml ├── pizza-menu.json ├── pizza-order-api ├── pom.xml └── src │ └── main │ └── resources │ └── service-api.yaml ├── pizza-order-service ├── .dockerignore ├── Dockerfile.svc ├── build-docker.sh ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── pizza │ │ └── order │ │ └── service │ │ ├── Application.java │ │ ├── cache │ │ └── PizzaCookingOrderCache.java │ │ ├── client │ │ └── CookingClient.java │ │ ├── config │ │ └── MapperConfig.java │ │ ├── controller │ │ └── OrderController.java │ │ ├── mapper │ │ └── PizzaCookingOrderDtoMapper.java │ │ ├── sanitizer │ │ └── OrderSanitizer.java │ │ ├── service │ │ └── OrderService.java │ │ └── validator │ │ └── UploadFileValidator.java │ └── resources │ ├── application-dockerlocal.properties │ ├── application.properties │ └── logback.xml ├── pom.xml ├── postman ├── Java-Application-Security-Practices.postman_collection.json └── Java-Application-Security-Practices.postman_environment.json ├── security-feign-logger-enricher ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── feign │ │ └── logger │ │ └── enricher │ │ ├── CorrelationIdInterceptor.java │ │ ├── CustomSlf4jLogger.java │ │ └── FeignConfiguration.java │ └── resources │ └── META-INF │ └── spring │ └── org.springframework.boot.autoconfigure.AutoConfiguration.imports ├── security-slf4j-logger-enricher ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── slf4j │ │ └── logger │ │ └── enricher │ │ ├── LoggerInterceptor.java │ │ └── LoggerInterceptorConfig.java │ └── resources │ └── META-INF │ └── spring │ └── org.springframework.boot.autoconfigure.AutoConfiguration.imports ├── security-token-client-credentials-fetcher ├── pom.xml └── src │ └── main │ └── java │ └── ionutbalosin │ └── training │ └── application │ └── security │ └── practices │ └── client │ └── credentials │ └── handler │ ├── IdpToken.java │ ├── IdpTokenFetcher.java │ └── util │ └── JsonObjectMapper.java ├── security-token-introspection ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── token │ │ └── introspection │ │ ├── IntrospectionSecurityConfiguration.java │ │ └── OpaqueJwtIntrospector.java │ └── resources │ └── META-INF │ └── spring │ └── org.springframework.boot.autoconfigure.AutoConfiguration.imports ├── security-token-jwks ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── jwks │ │ ├── JwksSecurityConfiguration.java │ │ └── JwtConverter.java │ └── resources │ └── META-INF │ └── spring │ └── org.springframework.boot.autoconfigure.AutoConfiguration.imports ├── serialization-deserialization ├── pom.xml └── src │ └── main │ ├── java │ └── ionutbalosin │ │ └── training │ │ └── application │ │ └── security │ │ └── practices │ │ └── serialization │ │ └── deserialization │ │ ├── clazz │ │ ├── MaliciousClazz.java │ │ ├── MaliciousClazzDeserializer.java │ │ └── TrustedClazz.java │ │ ├── xml │ │ └── XmlXxeDeserializer.java │ │ ├── yaml │ │ ├── User.java │ │ └── YamlBombDeserializer.java │ │ └── zip │ │ └── ZipBombDeserializer.java │ └── resources │ ├── xml_external_entity.xml │ ├── yaml_bomb.yaml │ └── zbsm.zip ├── spotbugs ├── spotbugs-security-exclude.xml └── spotbugs-security-include.xml ├── zap-entrypoint.sh ├── zap-scan.sh └── zap ├── reports └── empty └── zap-api-scan-rules.conf /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/.gitignore -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/.mvn/wrapper/maven-wrapper.properties -------------------------------------------------------------------------------- /01-PRACTICE-Security-Design-Principles.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/01-PRACTICE-Security-Design-Principles.md -------------------------------------------------------------------------------- /02-PRACTICE-Authentication-and-Authorization.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/02-PRACTICE-Authentication-and-Authorization.md -------------------------------------------------------------------------------- /03-PRACTICE-API-and-Microservices-Security.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/03-PRACTICE-API-and-Microservices-Security.md -------------------------------------------------------------------------------- /04-PRACTICE-Topmost-Common-Attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/04-PRACTICE-Topmost-Common-Attacks.md -------------------------------------------------------------------------------- /05-PRACTICE-Java-Process-Security.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/05-PRACTICE-Java-Process-Security.md -------------------------------------------------------------------------------- /06-PRACTICE-Security-Testing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/06-PRACTICE-Security-Testing.md -------------------------------------------------------------------------------- /99-PRACTICE-Security-General-Quiz.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/99-PRACTICE-Security-General-Quiz.md -------------------------------------------------------------------------------- /Dockerfile-zap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/Dockerfile-zap -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/README.md -------------------------------------------------------------------------------- /assets/diagrams/software-architecture-diagram-authn-authz.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/diagrams/software-architecture-diagram-authn-authz.svg -------------------------------------------------------------------------------- /assets/diagrams/software-architecture-diagram.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/diagrams/software-architecture-diagram.svg -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_1280.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_1280.png -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_1920.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_1920.png -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_200.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_200.png -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_3000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_3000.png -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_320.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_320.png -------------------------------------------------------------------------------- /assets/images/hedgehog_logo_640.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/assets/images/hedgehog_logo_640.png -------------------------------------------------------------------------------- /bootstrap-keycloak.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/bootstrap-keycloak.sh -------------------------------------------------------------------------------- /bootstrap-pizza-application.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/bootstrap-pizza-application.sh -------------------------------------------------------------------------------- /bootstrap-webgoat.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/bootstrap-webgoat.sh -------------------------------------------------------------------------------- /docker-compose-keycloak.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docker-compose-keycloak.yml -------------------------------------------------------------------------------- /docker-compose-pizza-application.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docker-compose-pizza-application.yml -------------------------------------------------------------------------------- /docker-compose-webgoat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docker-compose-webgoat.yml -------------------------------------------------------------------------------- /docs/api-web-application-security-for-java-developers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/api-web-application-security-for-java-developers.md -------------------------------------------------------------------------------- /docs/core-application-security-for-java-developers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/core-application-security-for-java-developers.md -------------------------------------------------------------------------------- /docs/images/api_and_microservices_security.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/api_and_microservices_security.svg -------------------------------------------------------------------------------- /docs/images/authentication_and_authorization.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/authentication_and_authorization.svg -------------------------------------------------------------------------------- /docs/images/cors_headers.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/cors_headers.svg -------------------------------------------------------------------------------- /docs/images/cors_headers_preflight.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/cors_headers_preflight.svg -------------------------------------------------------------------------------- /docs/images/cors_headers_preflight_sequence_diagram.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/cors_headers_preflight_sequence_diagram.svg -------------------------------------------------------------------------------- /docs/images/cors_headers_use_case.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/cors_headers_use_case.svg -------------------------------------------------------------------------------- /docs/images/csp_headers.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/csp_headers.svg -------------------------------------------------------------------------------- /docs/images/jwks.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/jwks.svg -------------------------------------------------------------------------------- /docs/images/referrer_policy_header.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/referrer_policy_header.svg -------------------------------------------------------------------------------- /docs/images/remote_code_execution.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/remote_code_execution.svg -------------------------------------------------------------------------------- /docs/images/secure_configuration_and_secrets_management.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/secure_configuration_and_secrets_management.svg -------------------------------------------------------------------------------- /docs/images/security_testing.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/security_testing.svg -------------------------------------------------------------------------------- /docs/images/strict_transport_security_header.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/strict_transport_security_header.svg -------------------------------------------------------------------------------- /docs/images/token_introspection.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/token_introspection.svg -------------------------------------------------------------------------------- /docs/images/x_content_type_options_header.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/x_content_type_options_header.svg -------------------------------------------------------------------------------- /docs/images/x_frame_options_header.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/x_frame_options_header.svg -------------------------------------------------------------------------------- /docs/images/x_xss_protection_header.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/images/x_xss_protection_header.svg -------------------------------------------------------------------------------- /docs/security-application-testing-for-java-developers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/docs/security-application-testing-for-java-developers.md -------------------------------------------------------------------------------- /encryption-decryption/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/pom.xml -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/asymetric/DigitalSignatureVerifier.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/asymetric/DigitalSignatureVerifier.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/asymetric/MessageEncryptDecrypt.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/asymetric/MessageEncryptDecrypt.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/HmacMessageAuthenticator.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/HmacMessageAuthenticator.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/MessageHashing.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/MessageHashing.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/PasswordHashing.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/hashing/PasswordHashing.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/symetric/FileDecryption.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/symetric/FileDecryption.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/symetric/FileEncryption.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/java/ionutbalosin/training/application/security/practices/encryption/decryption/symetric/FileEncryption.java -------------------------------------------------------------------------------- /encryption-decryption/src/main/resources/confidential_file.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/encryption-decryption/src/main/resources/confidential_file.txt -------------------------------------------------------------------------------- /keycloak-init.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/keycloak-init.sh -------------------------------------------------------------------------------- /license/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/license/LICENSE -------------------------------------------------------------------------------- /license/LICENSE-HEADER-JAVA: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/license/LICENSE-HEADER-JAVA -------------------------------------------------------------------------------- /license/LICENSE-HEADER-SHELL: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/license/LICENSE-HEADER-SHELL -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/mvnw -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/mvnw.cmd -------------------------------------------------------------------------------- /owasp/project-suppressions.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/owasp/project-suppressions.xml -------------------------------------------------------------------------------- /pizza-cooking-api/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-api/pom.xml -------------------------------------------------------------------------------- /pizza-cooking-api/src/main/resources/service-api.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-api/src/main/resources/service-api.yaml -------------------------------------------------------------------------------- /pizza-cooking-service/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/.dockerignore -------------------------------------------------------------------------------- /pizza-cooking-service/Dockerfile.svc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/Dockerfile.svc -------------------------------------------------------------------------------- /pizza-cooking-service/build-docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/build-docker.sh -------------------------------------------------------------------------------- /pizza-cooking-service/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/pom.xml -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/Application.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/client/DeliveryClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/client/DeliveryClient.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/config/MapperConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/config/MapperConfig.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/controller/CookingController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/controller/CookingController.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/mapper/PizzaDeliveryOrderDtoMapper.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/mapper/PizzaDeliveryOrderDtoMapper.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/service/CookingService.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/cooking/service/service/CookingService.java -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/resources/application-dockerlocal.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/resources/application-dockerlocal.properties -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/resources/application.properties -------------------------------------------------------------------------------- /pizza-cooking-service/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-cooking-service/src/main/resources/logback.xml -------------------------------------------------------------------------------- /pizza-delivery-api/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-api/pom.xml -------------------------------------------------------------------------------- /pizza-delivery-api/src/main/resources/service-api.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-api/src/main/resources/service-api.yaml -------------------------------------------------------------------------------- /pizza-delivery-service/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/.dockerignore -------------------------------------------------------------------------------- /pizza-delivery-service/Dockerfile.svc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/Dockerfile.svc -------------------------------------------------------------------------------- /pizza-delivery-service/build-docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/build-docker.sh -------------------------------------------------------------------------------- /pizza-delivery-service/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/pom.xml -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/Application.java -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/client/OrderClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/client/OrderClient.java -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/controller/DeliveryController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/controller/DeliveryController.java -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/service/DeliveryService.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/delivery/service/service/DeliveryService.java -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/resources/application-dockerlocal.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/resources/application-dockerlocal.properties -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/resources/application.properties -------------------------------------------------------------------------------- /pizza-delivery-service/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-delivery-service/src/main/resources/logback.xml -------------------------------------------------------------------------------- /pizza-menu.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-menu.json -------------------------------------------------------------------------------- /pizza-order-api/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-api/pom.xml -------------------------------------------------------------------------------- /pizza-order-api/src/main/resources/service-api.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-api/src/main/resources/service-api.yaml -------------------------------------------------------------------------------- /pizza-order-service/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/.dockerignore -------------------------------------------------------------------------------- /pizza-order-service/Dockerfile.svc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/Dockerfile.svc -------------------------------------------------------------------------------- /pizza-order-service/build-docker.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/build-docker.sh -------------------------------------------------------------------------------- /pizza-order-service/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/pom.xml -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/Application.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/cache/PizzaCookingOrderCache.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/cache/PizzaCookingOrderCache.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/client/CookingClient.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/client/CookingClient.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/config/MapperConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/config/MapperConfig.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/controller/OrderController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/controller/OrderController.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/mapper/PizzaCookingOrderDtoMapper.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/mapper/PizzaCookingOrderDtoMapper.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/sanitizer/OrderSanitizer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/sanitizer/OrderSanitizer.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/service/OrderService.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/service/OrderService.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/validator/UploadFileValidator.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/java/ionutbalosin/training/application/security/practices/pizza/order/service/validator/UploadFileValidator.java -------------------------------------------------------------------------------- /pizza-order-service/src/main/resources/application-dockerlocal.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/resources/application-dockerlocal.properties -------------------------------------------------------------------------------- /pizza-order-service/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/resources/application.properties -------------------------------------------------------------------------------- /pizza-order-service/src/main/resources/logback.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pizza-order-service/src/main/resources/logback.xml -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/pom.xml -------------------------------------------------------------------------------- /postman/Java-Application-Security-Practices.postman_collection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/postman/Java-Application-Security-Practices.postman_collection.json -------------------------------------------------------------------------------- /postman/Java-Application-Security-Practices.postman_environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/postman/Java-Application-Security-Practices.postman_environment.json -------------------------------------------------------------------------------- /security-feign-logger-enricher/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-feign-logger-enricher/pom.xml -------------------------------------------------------------------------------- /security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/CorrelationIdInterceptor.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/CorrelationIdInterceptor.java -------------------------------------------------------------------------------- /security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/CustomSlf4jLogger.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/CustomSlf4jLogger.java -------------------------------------------------------------------------------- /security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/FeignConfiguration.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-feign-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/feign/logger/enricher/FeignConfiguration.java -------------------------------------------------------------------------------- /security-feign-logger-enricher/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-feign-logger-enricher/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports -------------------------------------------------------------------------------- /security-slf4j-logger-enricher/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-slf4j-logger-enricher/pom.xml -------------------------------------------------------------------------------- /security-slf4j-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/slf4j/logger/enricher/LoggerInterceptor.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-slf4j-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/slf4j/logger/enricher/LoggerInterceptor.java -------------------------------------------------------------------------------- /security-slf4j-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/slf4j/logger/enricher/LoggerInterceptorConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-slf4j-logger-enricher/src/main/java/ionutbalosin/training/application/security/practices/slf4j/logger/enricher/LoggerInterceptorConfig.java -------------------------------------------------------------------------------- /security-slf4j-logger-enricher/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-slf4j-logger-enricher/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports -------------------------------------------------------------------------------- /security-token-client-credentials-fetcher/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-client-credentials-fetcher/pom.xml -------------------------------------------------------------------------------- /security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/IdpToken.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/IdpToken.java -------------------------------------------------------------------------------- /security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/IdpTokenFetcher.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/IdpTokenFetcher.java -------------------------------------------------------------------------------- /security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/util/JsonObjectMapper.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-client-credentials-fetcher/src/main/java/ionutbalosin/training/application/security/practices/client/credentials/handler/util/JsonObjectMapper.java -------------------------------------------------------------------------------- /security-token-introspection/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-introspection/pom.xml -------------------------------------------------------------------------------- /security-token-introspection/src/main/java/ionutbalosin/training/application/security/practices/token/introspection/IntrospectionSecurityConfiguration.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-introspection/src/main/java/ionutbalosin/training/application/security/practices/token/introspection/IntrospectionSecurityConfiguration.java -------------------------------------------------------------------------------- /security-token-introspection/src/main/java/ionutbalosin/training/application/security/practices/token/introspection/OpaqueJwtIntrospector.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-introspection/src/main/java/ionutbalosin/training/application/security/practices/token/introspection/OpaqueJwtIntrospector.java -------------------------------------------------------------------------------- /security-token-introspection/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-introspection/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports -------------------------------------------------------------------------------- /security-token-jwks/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-jwks/pom.xml -------------------------------------------------------------------------------- /security-token-jwks/src/main/java/ionutbalosin/training/application/security/practices/jwks/JwksSecurityConfiguration.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-jwks/src/main/java/ionutbalosin/training/application/security/practices/jwks/JwksSecurityConfiguration.java -------------------------------------------------------------------------------- /security-token-jwks/src/main/java/ionutbalosin/training/application/security/practices/jwks/JwtConverter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-jwks/src/main/java/ionutbalosin/training/application/security/practices/jwks/JwtConverter.java -------------------------------------------------------------------------------- /security-token-jwks/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/security-token-jwks/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports -------------------------------------------------------------------------------- /serialization-deserialization/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/pom.xml -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/MaliciousClazz.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/MaliciousClazz.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/MaliciousClazzDeserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/MaliciousClazzDeserializer.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/TrustedClazz.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/clazz/TrustedClazz.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/xml/XmlXxeDeserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/xml/XmlXxeDeserializer.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/yaml/User.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/yaml/User.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/yaml/YamlBombDeserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/yaml/YamlBombDeserializer.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/zip/ZipBombDeserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/java/ionutbalosin/training/application/security/practices/serialization/deserialization/zip/ZipBombDeserializer.java -------------------------------------------------------------------------------- /serialization-deserialization/src/main/resources/xml_external_entity.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/resources/xml_external_entity.xml -------------------------------------------------------------------------------- /serialization-deserialization/src/main/resources/yaml_bomb.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/resources/yaml_bomb.yaml -------------------------------------------------------------------------------- /serialization-deserialization/src/main/resources/zbsm.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/serialization-deserialization/src/main/resources/zbsm.zip -------------------------------------------------------------------------------- /spotbugs/spotbugs-security-exclude.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/spotbugs/spotbugs-security-exclude.xml -------------------------------------------------------------------------------- /spotbugs/spotbugs-security-include.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/spotbugs/spotbugs-security-include.xml -------------------------------------------------------------------------------- /zap-entrypoint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/zap-entrypoint.sh -------------------------------------------------------------------------------- /zap-scan.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/zap-scan.sh -------------------------------------------------------------------------------- /zap/reports/empty: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /zap/zap-api-scan-rules.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ionutbalosin/java-application-security-practices/HEAD/zap/zap-api-scan-rules.conf --------------------------------------------------------------------------------