Updated on April 30, 2019

OWASP ZAP project released a new version V12 that includes an updated HTTPSInfo plugin. The HTTPSInfo plugin includes support for TLS analysis based upon DeepViolet v5.1.16. DeepViolet is a TLS/SSL API and tool set you can use in your Java projects. The plugin provides metadata from X.509 certificates, TLS/SSL connections, and session attributes. It’s like a baby OpenSSL but for Java programs that need an API. A previous post describes how to install the ZAP plugin and run the report, Using OWASP DeepViolet within OWASP ZAP.

Original ZAP project post

Interested to make easy work keeping your projects 3rd party dependencies up to date?  If so, push the easy button and read on.

Read more

OWASP DeepViolet has been included and available in OWASP ZAP for awhile now as an additional add-on component.  Briefly the background is that DeepViolet is a TLS/SSL scanning API and set of tools.  OWASP ZAP is a Flagship application security scanner and includes some DeepViolet features for it’s TLS/SSL scanning.  I decided to post this blog update since it was not clear to me how to use this scanning with ZAP.  The following is a short post about how to install and use HttpsInfo(a.k.a DeepViolet) within your ZAP scanning projects.

Read more