mohammadkamrani / web-app-security-libraries

This repository gives you the knowledge and resources to build secure and resilient web applications.

applicationsecurity

web-app-security-libraries's Introduction

Secure Coding: Security Libraries for Web Development

This repository contains a curated list of security libraries for various programming languages commonly used in web application and API development.

Golang

  • authelia: Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests.
  • casbin: An authorization library that supports access control models like ACL, RBAC, and ABAC.
  • caswaf: HTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity.
  • coraza: OWASP Coraza WAF is a Go web application firewall library compatible with ModSecurity.
  • crypto: Standard cryptographic functions for Go.
  • go-password-validator: Validate the Strength of a Password in Go.
  • gorilla/csrf: An HTTP middleware library that provides cross-site request forgery (CSRF) protection.
  • jwt-go: JSON Web Tokens (JWT) implementation for Go.
  • secure: HTTP middleware for Go that facilitates some quick security wins.

Java

  • Apache Shiro: A versatile security framework for Java applications, providing authentication, authorization, cryptography, and session management.
  • Bouncy Castle: A cryptographic library for Java that provides APIs for various cryptographic operations.
  • OWASP Java HTML Sanitizer: A library to help prevent Cross-Site Scripting (XSS) attacks.
  • Spring Security: A powerful and highly customizable authentication and access control framework for Java applications.

Node.js

  • bcrypt: A library for hashing passwords in Node.js applications.
  • Helmet: A collection of middleware to help secure Express apps by setting various HTTP headers.
  • jsonwebtoken: JSON Web Token (JWT) implementation for Node.js.
  • node-rate-limiter-flexible: Counts and limits the number of actions by key and protects from DDoS and brute-force attacks at any scale.
  • passport: Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped in to any Express-based web application.
  • validator: A library of string validators and sanitizers.

PHP

  • HTML Purifier: HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
  • Laravel Sanctum: A simple package for API token authentication in Laravel PHP applications.
  • League/OAuth2-Server: A standards-compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial.
  • paragonie/random_compat: A compatibility library providing random_bytes() and random_int() for older PHP versions.
  • Parsedown: Parsedown is capable of escaping user-input within the HTML that it generates.
  • PHP Encryption: A PHP Secure Communications Library providing basic RSA, DSA, and SSH-2 functionality.
  • Security Component - Core: Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials.
  • Security Component - CSRF: The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.
  • Security Component - Guard: The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

.NET

  • ASP.NET Core Identity: A membership system for building secure ASP.NET Core web applications, providing user authentication, authorization, and account management.
  • Microsoft.AspNetCore.DataProtection: Data protection APIs for protecting and unprotecting data.
  • NWebsec: Helps you set important security headers and detect potentially dangerous redirects.
  • System.Security.Cryptography: Provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication.

Ruby

  • Devise: A flexible authentication solution for Ruby on Rails.
  • sinatra/rack-protection: Middleware for protecting against common web attacks (XSS, CSRF, Clickjacking, Directory Traversal, Session Hijacking and IP Spoofing).
  • nokogiri: Securely parses HTML and XML.
  • bcrypt: A library for hashing passwords securely using the bcrypt algorithm in Ruby.

Python

  • OWASP Python Security Project: A collection of Python security-related tools and libraries.
  • django-allauth: A Django authentication library providing support for various authentication methods, including social authentication.
  • cryptography: A Python library providing cryptographic recipes and primitives.
