> For the complete documentation index, see [llms.txt](https://calvin-lai.gitbook.io/calvin-lai-security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://calvin-lai.gitbook.io/calvin-lai-security/application-security.md).

# Application Security&#x20;

- [LLM Model Section Criteria](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/llm-model-section-criteria.md): Section Criteria Guideline for AI Development
- [Securing React Native Applications with Java Microservices](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/securing-react-native-applications-with-java-microservices.md): Working in Progress
- [Securing WebView-Based Mobile Applications with Java Microservices](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/securing-webview-based-mobile-applications-with-java-microservices.md)
- [OAuth, SAML, and OpenID Connect: Key Differences and Use Cases](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/oauth-saml-and-openid-connect-key-differences-and-use-cases.md): April 2025
- [Secure Coding Principles](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/secure-coding-principles.md): August 2022
- [HTTP Header Security Principles](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/http-header-security-principles.md)
- [Mitigating Broken Object Level Authorization (BOLA)](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/mitigating-broken-object-level-authorization-bola.md): 10 November 2024
- [Spring Boot Validation](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/spring-boot-validation.md): Spring Boot Validation to Address Lack of Input Validation
- [Output Encoding in JavaServer Faces (JSF)](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/output-encoding-in-javaserver-faces-jsf.md)
- [Session Management Security Issues](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/session-management-security-issues.md)
- [Common API Security Problems](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems.md): Understanding and Mitigating Common API Security Problems
- [Broken Authentication](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems/broken-authentication.md)
- [Excessive Data Exposure](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems/excessive-data-exposure.md)
- [Lack of Resources & Rate Limiting](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems/lack-of-resources-and-rate-limiting.md)
- [Broken Function Level Authorization](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems/broken-function-level-authorization.md)
- [Unsafe Consumption of APIs](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/common-api-security-problems/unsafe-consumption-of-apis.md)
- [JAVA Exception Handling](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/java-exception-handling.md)
- [File Upload Validation](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/file-upload-validation.md)
- [OAuth 2.0 Security](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/oauth-2.0-security.md)
- [Insecure Storage of Access Tokens](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/oauth-2.0-security/insecure-storage-of-access-tokens.md)
- [Microservice Security](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/microservice-security.md): Application Security Issues in microservice at Multi-Service Provider Environments
- [Sample Coding Demo](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/microservice-security/sample-coding-demo.md): A sample code implementation illustrating how Spring Security can help address these challenges
- [Service Implementation](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/microservice-security/sample-coding-demo/service-implementation.md)
- [Client Interaction](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/microservice-security/sample-coding-demo/client-interaction.md)
- [Security Solution for Microservices Architecture](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/microservice-security/security-solution-for-microservices-architecture.md): Enterprise Security and Integration Solutions for Microservices Gateways solution
- [Modifying and Protecting Java Class Files](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files.md)
- [Modify a Class File Inside a WAR File](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file.md)
- [Demo: 1. Create Java Web Application](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file/demo-1.-create-java-web-application.md): July 2025
- [Demo: 2. Modify the Class file](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file/demo-2.-modify-the-class-file.md): July 2025
- [Direct Bytecode Editing](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing.md)
- [Steps to Directly Edit a Java Class File](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing/steps-to-directly-edit-a-java-class-file.md)
- [Update: Java Bytecode Editing Tools](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/direct-bytecode-editing/steps-to-directly-edit-a-java-class-file/update-java-bytecode-editing-tools.md): April 2025
- [Techniques to Protect Java Class Files](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/techniques-to-protect-java-class-files.md)
- [Runtime Decryption in WebLogic](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/techniques-to-protect-java-class-files/runtime-decryption-in-weblogic.md)
- [JAVA Program](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/java-program.md)
- [Secure, Concurrent Web Access Using Java and Tor](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/java-program/secure-concurrent-web-access-using-java-and-tor.md): A Comprehensive Guide for developing a Secure, Concurrent Web Access Using Java and Tor:
- [Creating a Maven Java project in Visual Studio Code](https://calvin-lai.gitbook.io/calvin-lai-security/application-security/java-program/creating-a-maven-java-project-in-visual-studio-code.md)
