OWASP DeepViolet TLS/SSL Java API and Tools

Strategic security leader, software developer, and writer
Nov. 10, 2016
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
1 of 9

More Related Content

Viewers also liked

Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller Patroklos Papapetrou (Pat)
Unit testing best practices with JUnitUnit testing best practices with JUnit
Unit testing best practices with JUnitinTwentyEight Minutes
Mineral Luster and TransparencyMineral Luster and Transparency
Mineral Luster and TransparencyPatrick Truesdell
J2ee (java ee) tutorial for beginnersJ2ee (java ee) tutorial for beginners
J2ee (java ee) tutorial for beginnersinTwentyEight Minutes
SE2016 - Java EE revisits design patterns 2016SE2016 - Java EE revisits design patterns 2016
SE2016 - Java EE revisits design patterns 2016Alex Theedom
J2EE IntroductionJ2EE Introduction
J2EE IntroductionPatroklos Papapetrou (Pat)

Similar to OWASP DeepViolet TLS/SSL Java API and Tools

LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
API Documentation Workshop tcworld India 2015API Documentation Workshop tcworld India 2015
API Documentation Workshop tcworld India 2015Tom Johnson
HeartbleedHeartbleed
HeartbleedMohammed Danish Amber
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson
Intro to Open Cloud InitiativeIntro to Open Cloud Initiative
Intro to Open Cloud InitiativeJohn Mark Walker
Defcon 27 - The Future of Command and ControlDefcon 27 - The Future of Command and Control
Defcon 27 - The Future of Command and ControlNetskope

Recently uploaded

The future of digital customer experience is here!The future of digital customer experience is here!
The future of digital customer experience is here!Zoondia
Managing Remote Developers: Communication, Collaboration, and Team DynamicsManaging Remote Developers: Communication, Collaboration, and Team Dynamics
Managing Remote Developers: Communication, Collaboration, and Team DynamicsAcquaint Softtech Private Limited
In- Depth Salesforce Consulting Services.pptxIn- Depth Salesforce Consulting Services.pptx
In- Depth Salesforce Consulting Services.pptxCloudaction
Shopify Custom Development | ChetuShopify Custom Development | Chetu
Shopify Custom Development | ChetuChetu
Software Solutions for HSE Management in Data Centers.pdfSoftware Solutions for HSE Management in Data Centers.pdf
Software Solutions for HSE Management in Data Centers.pdfASK EHS Engineering & Consultants
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作abycyww

OWASP DeepViolet TLS/SSL Java API and Tools

  1. OWASP DeepViolet TLS/SSL JAVA API & Tools Project Leader Milton Smith Twitter: @deepvioletapi Blog: https://www.securitycurmudgeon.com/ Black Hat EU 2016 London Tools Arsenal
  2. What is DeepViolet? TLS/SSL scanning API 2 reference cases demonstrating API Command line tool & desktop application
  3. Why Build DeepViolet? Why build DeepViolet(DV)? I did not set out to build a tool for the public. DV was a learning tool for me. Heartbleed was in the popular press, I wanted to learn more about underlying TLS/SSL protocols. When I finished the original code I posted it to my github site. I was approached several times to add improvements to DV. Asked others why they liked it. Most common answer is that there are few available choices for libraries that provide TLS/SSL scanning features for applications. Great tools exist today like OpenSSL, Qualys SSL Server Test, Mozilla Observatory, etc. Yes, my favorites as well. No intention to compete with any tools.
  4. What Can DeepViolet API/Tools Do? Identify Weak Server Cipher Suites Identity Weak Signature Algorithms Identity Certificates About to Expire Print X.509 Certificates & Metadata Print Trust Chains Print Trust Status, Trusted or Not Trusted And more…
  5. Getting Started with the API IDSession session = DVFactory.initializeSession(url); IDVOnEng eng = DVFactory.getIDVOnEng(session); // Get certificates, ciphersuites, print some reports… // Review unit tests in com.mps.deepviolet.test.api to get started…
  6. DeepViolet Desktop Application 1) Provide a URL and Click 2) Report is generated 3) Save report to disk Easy as that. Adapt as needed.
  7. DeepViolet Command Tool 1) Try a command line like this, java -jar dvCMD.jar -serverurl https://www.google.com/ -s hrcisn 2) Report is generated 3) Redirect output to file or pipe to grep to search certificate metadata Easy as that. Adapt as needed.
  8. Additional References OWASP Project Site: https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner GitHub Site: https://github.com/spoofzu/DeepViolet Download: https://github.com/spoofzu/DeepViolet/releases Follow Online: twitter, @deepvioletapi
  9. ;o)