20 repository-uri
Security controls for persistent WebSocket connections including authentication and input validation.
Distinguishing note: Focuses on stateful connection security, distinct from stateless HTTP security.
Explore 20 awesome GitHub repositories matching security & cryptography · WebSocket Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Secures persistent connections through authentication and input validation to prevent data injection.
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
Validates incoming WebSocket connections using various security methods including tokens, certificates, and identity-based credentials.
Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
Enforces strict schema constraints on incoming WebSocket messages to ensure data integrity.
This is a header-only C++ library that provides implementations for HTTP clients, HTTP servers, and a WebSocket framework. It allows for the creation of network services and the consumption of remote APIs without requiring a separate compilation step or external binary linking. The project features backend-agnostic TLS integration for secure HTTPS and WSS communication and employs a thread-pool model to process concurrent requests. It distinguishes itself with a full-duplex WebSocket state-machine and a middleware-based request pipeline that supports regular-expression path routing. The libr
Provides secure WebSocket communication using the wss scheme and certificate verification.
Java-WebSocket is a collection of classes for implementing WebSocket clients and servers using pure Java. It provides a framework for hosting servers that manage connections via event-driven subclasses and tools for establishing client connections to remote servers. The library includes a secure communication tool for encrypting traffic using the WSS protocol and a compression library that uses per-message deflate extensions to reduce transmitted data size. It supports the configuration of cipher suites to limit encryption protocols and ensure compatible communication. The project enables bi
Supports secure communication using the WSS protocol and certificate management to protect data streams.
gqlgen is a schema-first Go library designed to build type-safe GraphQL servers. It functions as a code generation engine that transforms declarative GraphQL schema definitions into strongly-typed Go source code, ensuring strict alignment between the API contract and the underlying implementation. The framework distinguishes itself through its deep integration with the Go type system and its highly extensible build pipeline. By using schema-first development, it automates the creation of server boilerplate and resolver stubs, allowing developers to map schema fields directly to Go structs and
Validates initial connection payloads during the handshake process to verify user identity for subscriptions.
SocketRocket is an Objective-C WebSocket client library designed to establish bidirectional real-time communication channels between an application and a server. It provides a networking layer for real-time data streaming, utilizing a heartbeat monitor to maintain the stability of active network streams. The library is built to operate across restricted networks by routing traffic through HTTP proxies. It secures data transmission using TLS encryption and SSL certificate pinning to prevent unauthorized interception of network traffic. Its underlying capabilities include low-level TCP socket
Encrypts data transfers using TLS and SSL certificate pinning to prevent unauthorized interception.
Starscream is a Swift WebSocket client library that provides a concrete implementation of the WebSocket protocol for iOS and macOS applications. It functions as an event-driven wrapper for establishing and managing bidirectional connections to send and receive text and binary frames over TCP. The library includes a secure WebSocket client capable of encrypting traffic and validating server identities. It manages the full connection lifecycle, from the initial handshake and header exchange to session termination with custom close codes. The project covers a broad range of networking capabilit
Implements encrypted communication channels and security controls to protect data transmitted via WebSockets.
Websocat is a specialized set of command-line tools for WebSocket communication, acting as a client, server, and stream processor. It provides a terminal-based interface for connecting to WebSocket servers, hosting secure WebSocket servers, and bridging data between WebSockets and other network transports. The project distinguishes itself by functioning as a bidirectional network relay, allowing the routing of data between WebSocket streams, TCP sockets, UNIX sockets, and standard system input and output. It includes specialized implementations for SOCKS5 and HTTP proxying, as well as a strea
Establishes secure, encrypted WebSocket connections using TLS or static symmetric keys.
Javalin is a lightweight web framework for Java and Kotlin designed for building REST APIs and web applications. It functions as an embedded Jetty web server, allowing applications to run as standalone processes without the need for an external servlet container. The project provides specialized frameworks for diverse communication patterns, including a REST API framework with automatic OpenAPI schema generation, a GraphQL API framework with query and mutation resolvers, and a WebSocket server for bidirectional real-time communication. It also includes a dedicated framework for pushing real-t
Provides handlers to perform authentication and validation during the WebSocket upgrade process.
netty-socketio is a Java implementation of a Socket.IO server designed for real-time bidirectional communication between clients and servers. It functions as a real-time event engine and WebSocket communication server, utilizing the Netty network framework to manage high-performance socket connections. The project enables distributed socket server scaling by acting as a distributed message broker. It synchronizes client states and broadcasts messages across multiple server nodes through the use of an external data store. The system manages traffic via namespace-based connection routing and r
Protects real-time data transfers using encryption and security certificates to secure stateful WebSocket connections.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Captures WebSocket and Secure WebSocket messages from browsers, mobile devices, and local applications.
websocket-sharp is a C# library implementation of the WebSocket protocol used for building bidirectional client and server applications. It enables real-time data exchange between endpoints via persistent connections. The library provides specialized networking capabilities, including SSL encrypted networking for secure transport and certificate validation. It also features HTTP proxy tunneling to route traffic through intermediary servers using basic or digest authentication. The project covers a broad range of capabilities, including the implementation of both WebSocket clients and servers
Provides security controls for persistent connections, including SSL/TLS encryption and certificate validation.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Inspects WebSocket traffic for malicious patterns and enforces security policies on WebSocket communications.
NGINX Unit is an open-source application server designed to natively execute code across multiple programming language runtimes and WebAssembly within a single process. It serves as a multi-language application server that can run applications written in Go, Java, Node.js, Perl, PHP, Python, Ruby, and WebAssembly side by side, without requiring separate runtime environments for each language. The server distinguishes itself through a RESTful JSON control API that enables dynamic, zero-downtime configuration changes without restarting the server. It combines event-driven asynchronous I/O with
Validates WebSocket payload lengths in the Java language module to prevent infinite loops and excessive CPU consumption.
Beast este o bibliotecă C++ pentru implementarea clienților și serverelor HTTP și WebSocket de nivel scăzut. Acesta funcționează ca un framework de rețea asincron conceput pentru a compune operațiuni I/O non-blocante și stive de fluxuri stratificate pentru gestionarea traficului de rețea concurent, utilizând în mod specific modelul asincron Boost.Asio. Biblioteca oferă o implementare cuprinzătoare a protocoalelor HTTP/1.1 și WebSocket. Pentru HTTP, include primitive pentru parsarea și serializarea mesajelor cu suport pentru codificarea transferului fragmentat (chunked), citirea incrementală a corpului și pipelining-ul cererilor. Implementarea sa WebSocket acoperă întregul ciclu de viață al comunicării bidirecționale, inclusiv handshake-uri, negocierea subprotocolului, fragmentarea mesajelor și monitorizarea stării prin cadre de control. Beast include o suită specializată de instrumente pentru gestionarea buffer-elor de rețea pentru a optimiza I/O scatter-gather prin buffer-e de memorie dinamice și bazate pe secvențe. De asemenea, acoperă comunicarea securizată în rețea prin integrarea straturilor SSL/TLS pentru fluxuri criptate, autentificarea certificatelor și terminarea securizată a conexiunilor. Framework-ul oferă abstracții cross-platform pentru I/O de fișiere și gestionarea semnalelor de sistem pentru a susține dezvoltarea stabilă a aplicațiilor de rețea.
Wraps WebSocket streams in an SSL/TLS layer to provide encrypted bidirectional communication.
Acest proiect este o arhitectură enterprise cuprinzătoare pentru construirea de sisteme distribuite multi-tenant, implementată ca o platformă de microservicii Spring Cloud. Oferă un framework complet pentru gestionarea microserviciilor, concentrându-se pe arhitectura de date multi-tenant și furnizarea centralizată a identității. Platforma se distinge prin abordarea sa integrată față de identitate și securitate, utilizând un furnizor de identitate OAuth2 pentru a gestiona single sign-on, controlul accesului bazat pe roluri și emiterea de token-uri JWT în cadrul serviciilor distribuite. Separă în continuare limitele organizaționale prin izolarea datelor multi-tenant, asigurându-se că resursele și datele sunt partiționate logic sau fizic între diferiți chiriași (tenants). Sistemul acoperă o suprafață largă de capabilități distribuite, inclusiv guvernanța serviciilor prin rutarea API gateway și circuit breaking, precum și coordonarea datelor prin tranzacții distribuite și mecanisme de blocare. Include, de asemenea, un stack de observabilitate distribuită pentru tracing-ul cererilor și logare centralizată, alături de sincronizarea motorului de căutare în timp real și mesagerie asincronă bazată pe evenimente. Fluxul de lucru de dezvoltare este susținut de instrumente de automatizare pentru generarea codului aplicației și împachetarea binară specifică platformei.
Secures real-time communication by authenticating WebSocket handshakes before establishing connections.
HttpRunner este un framework de testare de rețea multi-protocol conceput pentru automatizarea testelor funcționale și de regresie ale interfețelor HTTP. Funcționează ca un tester de rețea multi-protocol care suportă HTTP/1.1, HTTP/2, WebSocket, TCP și RPC pentru a valida diverse tipare de comunicare. Proiectul include motoare specializate pentru testarea performanței API, testarea bazată pe date și un generator de cazuri de test care convertește fișiere HAR, comenzi curl și definiții Swagger în scripturi executabile. Framework-ul se distinge prin capacitatea de a separa logica de testare de datele de business prin intermediul unui motor de execuție bazat pe date și prin suportul pentru testarea de sarcină (load testing) cu grad ridicat de concurență prin orchestrare distribuită. Dispune de un sistem de plugin-uri multi-limbaj care permite utilizatorilor să extindă motorul de bază cu logică personalizată de validare și procesare scrisă în Go, Python sau Java. Proiectul acoperă o gamă largă de capabilități, inclusiv modelarea scenariilor complexe pentru simularea fluxului de lucru al utilizatorului, validarea răspunsurilor și analiza detaliată a performanței rețelei. Oferă instrumente pentru generarea distribuită de sarcină, sondarea geografică a rețelei și integrarea suitelor de testare automatizate în pipeline-uri CI. Motorul de testare de bază poate fi executat printr-o interfață de linie de comandă sau integrat în ecosistemul de testare Python folosind un runner dedicat.
The project extracts parameters from responses and performs assertions on returned data to verify communication correctness.
WebSocket-Node is a server-side implementation of the WebSocket protocol for Node.js environments. It serves as a framework for establishing persistent, bidirectional communication channels and low-latency data exchange between clients and servers. The project provides a secure socket implementation using transport layer security and includes an integrated client for establishing outbound encrypted connections. It utilizes a formal protocol-state machine and an event-driven connection framework to manage high-concurrency network streams. The framework covers server-side infrastructure includ
Implements security controls for persistent WebSocket connections, including transport layer encryption.
This is a Python WebSocket client library designed to establish full-duplex, persistent network connections for real-time exchange of text and binary data. It functions as an asynchronous network client and a TCP socket wrapper, managing the complete lifecycle of a connection from the initial handshake to graceful closure. The implementation includes a secure WebSocket client that handles SSL/TLS encryption, certificate verification, and secure handshake protocols. It further distinguishes itself by supporting advanced connectivity options, including proxy routing via HTTP or SOCKS proxies an
Implements security controls for persistent WebSocket connections including SSL/TLS encryption and certificate verification.