APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
Updated Apr 2, 2024 - Java
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
digiRunner: Your API Gateway for Microservices
Some examples that show basic and more advanced implementations of the OAuth2 authorization mechanism in a Spring Cloud microservices environment
Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.
A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
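api-crypto-spring-boot is a Spring Boot starter that automatically encrypts and decrypts request and response bodies through unified controller annotations. The component protects data exchanged through API calls and supports common encryption and decryption algorithms, encodings, signatures and other modes.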
API Design & Security
Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.
Book Review Hub is a comprehensive and scalable book review platform built with a modern backend architecture using Spring Boot and MySQL. Designed as a learning-oriented, Goodreads-inspired application, it follows industry best practices for system design, database management, and API security.
Strengthens OAuth2 authorization by using mobile app attestation
AI-powered REST API security scanner — analyzes OpenAPI 3.x specs for OWASP API Top 10 vulnerabilities
MCP server for OWASP ZAP security scanning - enables AI agents to perform automated web security testing via the Model Context Protocol
This project demonstrates how to implement JWT (JSON Web Token) authentication and authorization in a Spring Boot application using Spring Security. It covers: User Registration and Login: Endpoints for user signup and login that generate JWT tokens. Token-Based Authentication: Securing REST APIs by validating JWT tokens in request headers. Role
A Burp Suite extension that imports Postman, Swagger, OpenAPI .json files directly into Burp. It parses requests (method, URL, headers, body) and displays them in a table, allowing users to send selected requests to Repeater.
3rd Party Full Stack APP, a restaurant POS software system to take customers' orders, accept payments, and handle customer order histories.
SecurePasswordStorage is a robust Java Spring Boot application designed to ensure the secure storage and management of user passwords. With a focus on security and usability, this application provides reliable mechanisms for creating, retrieving, and managing user credentials.
Spring Security, exploring different types of authentication, including OAuth2 and JWT, user management and persistence in a database, as well as other advanced security features.
This project is a Spring MVC-based Java application that implements a security interceptor to validate incoming HTTP requests and prevent common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and malicious file uploads.
Companion repository for the course Spring Boot 3: apply best practices and protect a REST API