Updated on April 30, 2019

OWASP ZAP project released a new version V12 that includes an updated HTTPSInfo plugin. The HTTPSInfo plugin includes support for TLS analysis based upon DeepViolet v5.1.16. DeepViolet is a TLS/SSL API and tool set you can use in your Java projects. The plugin provides metadata from X.509 certificates, TLS/SSL connections, and session attributes. It’s like a baby OpenSSL but for Java programs that need an API. A previous post describes how to install the ZAP plugin and run the report, Using OWASP DeepViolet within OWASP ZAP.

Original ZAP project post

OWASP DeepViolet has been included and available in OWASP ZAP for awhile now as an additional add-on component.  Briefly the background is that DeepViolet is a TLS/SSL scanning API and set of tools.  OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for it’s TLS/SSL scanning.  I decided to post this blog update since it was not clear to me how to use this scanning with ZAP.  The following is a short post about how to install and use HttpsInfo(a.k.a DeepViolet) within your ZAP scanning projects.

Read more