awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

Web security middleware

Ranking aktualisiert am 8. Juli 2026

For a security middleware for web applications, the strongest matches are spring-projects/spring-security (Spring Security is a comprehensive Java framework that provides), helmetjs/helmet (Helmet is a specialized middleware library for Express) and kickstarter/rack-attack (This is a Rack-based middleware component that provides essential). authelia/authelia and casbin/casbin round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.

Find the best web security middleware for your stack. We compare top-rated GitHub repositories by activity and features to help you pick the right one.

Web security middleware

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • spring-projects/spring-securityAvatar von spring-projects

    spring-projects/spring-security

    9,535Auf GitHub ansehen↗

    Spring Security is a comprehensive security framework for Java applications that provides authentication and authorization for both web and non-web environments. It functions as an implementation of authentication and authorization logic integrated with the Java runtime environment to protect sensitive resources from unauthorized access. The framework includes toolkits for implementing OpenID Connect and OAuth 2.0 authorization servers and clients, as well as tools for integrating SAML 2.0 identity providers to enable cross-domain single sign-on. It utilizes a role-based access control system

    Spring Security is a comprehensive Java framework that provides a robust security filter chain for implementing HTTP headers, request filtering, authentication, authorization, and protection against common web vulnerabilities.

    JavaRole-Based Access ControlRole-Based Access Control Systems
    Auf GitHub ansehen↗9,535
  • helmetjs/helmetAvatar von helmetjs

    helmetjs/helmet

    10,692Auf GitHub ansehen↗

    Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel

    Helmet is a specialized middleware library for Express.js that directly addresses the core requirement of implementing HTTP security headers to protect web applications from common vulnerabilities.

    TypeScriptHTTP Security HeadersSecurity HeadersSecurity Header Presets
    Auf GitHub ansehen↗10,692
  • kickstarter/rack-attackAvatar von kickstarter

    kickstarter/rack-attack

    5,744Auf GitHub ansehen↗

    This project is a Rack middleware rate limiter and application layer firewall for Ruby web applications. It serves as a security layer to throttle and block HTTP requests based on custom rules, protecting web servers from abusive traffic. The system provides capabilities for IP blocking and the banning of malicious clients. It implements request safelisting to bypass restrictions for trusted users and uses time-windowed rate limiting to control request frequency. The middleware covers traffic management and monitoring, including the ability to track request patterns and instrument traffic ev

    This is a Rack-based middleware component that provides essential request filtering, rate limiting, and abuse prevention for Ruby web applications, fitting the category of security middleware even though it focuses primarily on traffic-based protection rather than the full suite of security headers.

    RubyRequest Blocking
    Auf GitHub ansehen↗5,744
  • authelia/autheliaAvatar von authelia

    authelia/authelia

    26,785Auf GitHub ansehen↗

    Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep

    Authelia acts as a specialized authentication and authorization middleware that integrates with reverse proxies to secure web applications, directly addressing the identity and access management requirements of your search.

    GoAuthentication Middleware
    Auf GitHub ansehen↗26,785
  • casbin/casbinAvatar von casbin

    casbin/casbin

    19,848Auf GitHub ansehen↗

    Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig

    Casbin is a specialized authorization library that provides a robust, model-based engine for enforcing access control, which directly addresses the authentication and authorization requirements of your security middleware stack.

    GoAuthorization MiddlewareRole-Based Access Control
    Auf GitHub ansehen↗19,848
  • krakenjs/kraken-jsAvatar von krakenjs

    krakenjs/kraken-js

    4,919Auf GitHub ansehen↗

    Kraken-js is a configuration-driven server manager and application framework for bootstrapping Node.js web applications. It provides a system for defining server behavior, middleware chains, and environment settings through JSON files rather than manual code. The framework focuses on separating application logic from infrastructure setup by resolving and injecting middleware into the request chain based on external configuration. It utilizes environment-based configuration merging to override baseline settings with context-specific values during startup. The system covers server security thr

    Kraken-js is a configuration-driven framework for Node.js that includes built-in middleware for managing security headers and application-level security configurations, making it a suitable tool for securing web application infrastructure.

    JavaScriptSecurity Headers
    Auf GitHub ansehen↗4,919
  • nathanl/authorityAvatar von nathanl

    nathanl/authority

    1,197Auf GitHub ansehen↗

    Authority is an authorization framework for Ruby on Rails applications that manages user permissions and access control policies. It provides a system for encapsulating complex security logic into dedicated classes, separating these concerns from core business models. The library enforces security rules by intercepting web requests at the controller level and validating actions against defined policies. It utilizes convention-based mapping to automatically associate models with their corresponding authorization classes, supporting both global checks and instance-aware validation for specific

    This library provides authorization and access control middleware for Ruby on Rails, directly addressing the authentication and authorization requirements of web application security.

    RubyRole-Based Access Control
    Auf GitHub ansehen↗1,197
  • honojs/honoAvatar von honojs

    honojs/hono

    30,994Auf GitHub ansehen↗

    Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.

    Hono is a web framework that includes built-in middleware for security headers, CORS management, rate limiting, and authentication, making it a capable tool for securing web applications despite being a broader framework rather than a dedicated security-only library.

    TypeScriptCORS Policies
    Auf GitHub ansehen↗30,994
  • corazawaf/corazaAvatar von corazawaf

    corazawaf/coraza

    3,295Auf GitHub ansehen↗

    Coraza is a web application firewall engine designed to filter malicious HTTP traffic using standardized security directives. It functions as a library for embedding request filtering and security transaction processing directly into web servers or reverse proxies. The engine implements the ModSecurity WAF engine and the OWASP Core Rule Set to identify and block common web attack patterns. It utilizes a library-first integration model, allowing security capabilities to be embedded into a host process as a dependency rather than running as a standalone proxy. The project covers rule-based pat

    Coraza is a library-first web application firewall engine that provides robust request filtering, traffic inspection, and vulnerability protection by implementing the OWASP Core Rule Set, making it a highly effective middleware component for securing web applications.

    GoWeb Application FirewallsWeb Application FirewallsBackend Security Middleware
    Auf GitHub ansehen↗3,295
  • symfony/security-httpAvatar von symfony

    symfony/security-http

    1,712Auf GitHub ansehen↗

    This project provides a comprehensive security framework for PHP applications, designed to manage the entire lifecycle of user authentication and authorization. It functions as a middleware layer that intercepts incoming HTTP requests to enforce security policies, resolve user identities, and maintain persistent sessions across web interactions. The framework distinguishes itself through a modular, event-driven architecture that integrates directly into the application lifecycle. It supports diverse authentication methods, including standard form-based logins, API bearer tokens, and federated

    This component provides the essential HTTP-level security infrastructure for the Symfony framework, including authentication, authorization, and firewall-based request filtering, making it a direct fit for securing web applications.

    PHPRole-Based Access Control
    Auf GitHub ansehen↗1,712
  • symfony/securityAvatar von symfony

    symfony/security

    1,199Auf GitHub ansehen↗

    This project is a comprehensive security framework for PHP applications, providing a modular system for verifying user identities and enforcing access control policies. It functions as a security middleware that decouples authentication and authorization logic from core application code, allowing for centralized management of user sessions, credentials, and resource access. The framework distinguishes itself through a highly decoupled architecture that separates identity verification from storage mechanisms. It utilizes a strategy-based approach to authentication, enabling developers to imple

    This component provides a comprehensive security framework for PHP applications, handling authentication, authorization, and firewall-based request filtering to protect against common web vulnerabilities.

    PHPRole-Based Access ControlRole-Based Access Control
    Auf GitHub ansehen↗1,199
  • middlewares/psr15-middlewaresAvatar von middlewares

    middlewares/psr15-middlewares

    411Auf GitHub ansehen↗

    Collection of PSR-15 middlewares officially developed by Middlewares organization

    This collection provides a suite of modular PSR-15 compliant components that implement essential security features like HTTP headers, rate limiting, and CORS management, making it a direct fit for securing web applications.

    Middleware and URL Handling
    Auf GitHub ansehen↗411
  • aspnet/securityAvatar von aspnet

    aspnet/Security

    1,287Auf GitHub ansehen↗

    Archived Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore

    This repository provides the foundational middleware for security, authorization, and authentication within the ASP.NET ecosystem, directly addressing the need for request filtering and security implementation in web applications.

    C#Security And Privacy
    Auf GitHub ansehen↗1,287
  • nis2shield/express-nis2-middlewareAvatar von nis2shield

    nis2shield/express-nis2-middleware

    0Auf GitHub ansehen↗

    🛡️ NIS2 Compliance Middleware for Express.js - Forensic logging, active defense, and security headers

    This middleware provides essential security headers and forensic logging for Express.js applications, serving as a targeted component for implementing web application security within that specific framework.

    TypeScriptWeb Framework Hardening
    Auf GitHub ansehen↗0
  • unrolled/secureAvatar von unrolled

    unrolled/secure

    2,345Auf GitHub ansehen↗

    HTTP middleware for Go that facilitates some quick security wins.

    This Go middleware provides essential HTTP security headers and configuration options to help protect web applications, fitting the category of security-focused middleware components.

    GoSecurity and AuditingSecurity and CryptographySecurity And Privacy
    Auf GitHub ansehen↗2,345
  • typeerror/secureAvatar von TypeError

    TypeError/secure

    1,043Auf GitHub ansehen↗

    Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).

    This library provides essential HTTP security headers and middleware integration for Python web frameworks, serving as a focused component for implementing web application security.

    PythonSecurity UtilitiesWeb Security
    Auf GitHub ansehen↗1,043
Die Top 10 auf einen Blick vergleichen
RepositoryStarsSpracheLizenzLetzter Push
spring-projects/spring-security9.5KJavaApache-2.022. Juni 2026
helmetjs/helmet10.7KTypeScriptMIT21. Juni 2026
kickstarter/rack-attack5.7KRubyMIT5. Apr. 2026
authelia/authelia26.8KGoapache-2.019. Feb. 2026
casbin/casbin19.8KGoapache-2.06. Feb. 2026
krakenjs/kraken-js4.9KJavaScriptNOASSERTION11. Aug. 2025
nathanl/authority1.2KRubyMIT18. Nov. 2019
honojs/hono31KTypeScriptMIT9. Juni 2026
corazawaf/coraza3.3KGoapache-2.020. Feb. 2026
symfony/security-http1.7KPHPMIT23. Juni 2026

Related searches

  • Web-App-Sicherheit und Exploitation
  • an open source tool for digital privacy
  • a collection of security cheat sheets
  • eine Authentifizierungs-Bibliothek für Webanwendungen
  • an open source framework for web development
  • Web application generators
  • eine selbstgehostete WAF
  • a library for preventing code injection attacks