Blog

Using OWASP DeepViolet within OWASP ZAP

OWASP DeepViolet has been included and available in OWASP ZAP for a while now as an additional add-on component. Briefly, the background is that DeepViolet is a TLS/SSL scanning API and set of tools. OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for its TLS/SSL scanning. I decided to post this blog update since it was not clear to me how to use this scanning with ZAP. The following is a short post about how to install and use HttpsInfo (a.k.a. DeepViolet) within your ZAP scanning projects.


Oracle proposes industry collaboration on OpenJDK security

Java Chief Architect Mark Reinhold posts…

Create a secure, private forum in which trusted members of the OpenJDK Community can receive reports of vulnerabilities in OpenJDK code bases, review them, collaborate on fixing them, and coordinate the release of such fixes. Ensure that information flows efficiently, in both directions, between this forum and Oracle’s internal security teams. Encourage the forum to be used for other OpenJDK security-related discussions as needed.

Continue reading, Proposal: OpenJDK Vulnerability Group