QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components, CVE-2017-5929 Detail.
OWASP DeepViolet has been included and available in OWASP ZAP for awhile now as an additional add-on component. Briefly the background is that DeepViolet is a TLS/SSL scanning API and set of tools. OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for it’s TLS/SSL scanning. I decided to post this blog update since it was not clear to me how to use this scanning with ZAP. The following is a short post about how to install and use HttpsInfo(a.k.a DeepViolet) within your ZAP scanning projects.
October 9, 2017 voting begins for OWASP members to elect four new OWASP Board candidates. I am running for the board this cycle and can use your support!