OWASP DeepViolet has been included and available in OWASP ZAP for awhile now as an additional add-on component.  Briefly the background is that DeepViolet is a TLS/SSL scanning API and set of tools.  OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for it’s TLS/SSL scanning.  I decided to post this blog update since it was not clear to me how to use this scanning with ZAP.  The following is a short post about how to install and use HttpsInfo(a.k.a DeepViolet) within your ZAP scanning projects.

Read more

I am running of the upcoming OWASP Board elections.  There are 4-seats open this election cycle.  For the benefit of those that don’t know, OWASP is one of the largest organizations of web application security professionals in the world.

Read more