Java
Explore 32 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Embeddable Yara library for Java with support for loading rules and scanning data.
Open-source Java application for creating proxies for traffic analysis & modification.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Online Java decompiler tool with support for modern Java features.
A tool for identifying and analyzing Java serialized objects in network traffic
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
A minimal library to generate YARA rules from JAVA with maven support.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Instrumentation-based approach for resolving reflective calls in Android apps.
An open source digital forensic tool for processing and analyzing digital evidence with high performance and multiplatform support.
Dynamic Java code instrumentation kit for Android applications.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
Standalone graphical utility for viewing Java source codes from ".class" files.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Java decompiler GUI tool for Procyon under Apache License.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Python wrapper for Android APK decompilation with various converter and decompiler options.
