OWASP DeepViolet has been included and available in OWASP ZAP for awhile now as an additional add-on component. Briefly the background is that DeepViolet is a TLS/SSL scanning API and set of tools. OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for it’s TLS/SSL scanning. I decided to post this blog update since it was not clear to me how to use this scanning with ZAP. The following is a short post about how to install and use HttpsInfo(a.k.a DeepViolet) within your ZAP scanning projects.
October 9, 2017 voting begins for OWASP members to elect four new OWASP Board candidates. I am running for the board this cycle and can use your support!
I am running of the upcoming OWASP Board elections. There are 4-seats open this election cycle. For the benefit of those that don’t know, OWASP is one of the largest organizations of web application security professionals in the world.
Java Chief Architect Mark Reinhold posts…
Create a secure, private forum in which trusted members of the OpenJDK Community can receive reports of vulnerabilities in OpenJDK code bases, review them, collaborate on fixing them, and coordinate the release of such fixes. Ensure that information flows efficiently, in both directions, between this forum and Oracle’s internal security teams. Encourage the forum to be used for other OpenJDK security-related discussions as needed.
Continue reading, Proposal: OpenJDK Vulnerability Group