On August 8, 2018 I will be presenting DeepViolet, a TLS/SSL scanning API & tools at the Black Hat conferences event in Las Vegas.  The project is divided in two code repositories, DeepViolet the primary Java code API, and DeepVioletTools which is a command line tool and desktop application or reference cases demonstrating the API’s usefulness.

Read more

Java Chief Architect Mark Reinhold posts…

Create a secure, private forum in which trusted members of the OpenJDK Community can receive reports of vulnerabilities in OpenJDK code bases, review them, collaborate on fixing them, and coordinate the release of such fixes. Ensure that information flows efficiently, in both directions, between this forum and Oracle’s internal security teams. Encourage the forum to be used for other OpenJDK security-related discussions as needed.

Continue reading, Proposal: OpenJDK Vulnerability Group

Start of a pentesting methodology by bugcrowd.com.  So many areas to test but there is a lot included in the graphic.

 

Moving securitycurmudgeon.com from Blogger to cloud provider.  Please update bookmarks accordingly.

Read more