OWASP DeepViolet TLS/SSL Java API and Tools

Milton Smith
Strategic security leader, software developer, and writer
Nov. 10, 2016
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
OWASP DeepViolet TLS/SSL Java API and Tools
1 of 9

OWASP DeepViolet TLS/SSL Java API and Tools

Nov. 10, 2016
Download to read offline
Software

Follow-up slide deck to a live tools demonstration at Black Hat 2016 EU presentation in London. See OWASP project web site for details, https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner

Milton Smith
Strategic security leader, software developer, and writer

Recommended

A great clash of symbolsA great clash of symbols
A great clash of symbolsGreg Sohl1.1K views16 slides
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at TwitterChris Aniszczyk1.4K views50 slides
Cool .NET tools, techniques and librariesCool .NET tools, techniques and libraries
Cool .NET tools, techniques and librariesGreg Sohl589 views11 slides
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015
Making Enterprise-Ready Plugins - Kaj Kandler JUC West 2015Black Duck by Synopsys2.3K views56 slides
4 great alternatives to bouncy castles 4 great alternatives to bouncy castles
4 great alternatives to bouncy castles SuperFunStuffUK4.7K views5 slides
Are You Really Willing To Do What It Takes?Are You Really Willing To Do What It Takes?
Are You Really Willing To Do What It Takes?George Hutton407 views34 slides

More Related Content

Viewers also liked

Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller Patroklos Papapetrou (Pat)332 views53 slides
Unit testing best practices with JUnitUnit testing best practices with JUnit
Unit testing best practices with JUnitinTwentyEight Minutes555 views26 slides
Mineral Luster and TransparencyMineral Luster and Transparency
Mineral Luster and TransparencyPatrick Truesdell5.8K views16 slides
J2ee (java ee) tutorial for beginnersJ2ee (java ee) tutorial for beginners
J2ee (java ee) tutorial for beginnersinTwentyEight Minutes3.9K views45 slides
SE2016 - Java EE revisits design patterns 2016SE2016 - Java EE revisits design patterns 2016
SE2016 - Java EE revisits design patterns 2016Alex Theedom718 views40 slides
J2EE IntroductionJ2EE Introduction
J2EE IntroductionPatroklos Papapetrou (Pat)13.3K views22 slides

Viewers also liked(8)

Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Voxxed Days Thessaloniki 2016 - JDK 9 : Big Changes To Make Java Smaller
Patroklos Papapetrou (Pat)332 views
Unit testing best practices with JUnitUnit testing best practices with JUnit
Unit testing best practices with JUnit
inTwentyEight Minutes555 views
Mineral Luster and TransparencyMineral Luster and Transparency
Mineral Luster and Transparency
Patrick Truesdell5.8K views
J2ee (java ee) tutorial for beginnersJ2ee (java ee) tutorial for beginners
J2ee (java ee) tutorial for beginners
inTwentyEight Minutes3.9K views
SE2016 - Java EE revisits design patterns 2016SE2016 - Java EE revisits design patterns 2016
SE2016 - Java EE revisits design patterns 2016
Alex Theedom718 views
J2EE IntroductionJ2EE Introduction
J2EE Introduction
Patroklos Papapetrou (Pat)13.3K views
Research paper for diamondResearch paper for diamond
Research paper for diamond
Marevisha Vidfather3.1K views
Java EE 8: What Servlet 4 and HTTP2 MeanJava EE 8: What Servlet 4 and HTTP2 Mean
Java EE 8: What Servlet 4 and HTTP2 Mean
Alex Theedom4.2K views

Similar to OWASP DeepViolet TLS/SSL Java API and Tools

LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis1.1K views52 slides
API Documentation Workshop tcworld India 2015API Documentation Workshop tcworld India 2015
API Documentation Workshop tcworld India 2015Tom Johnson2.9K views135 slides
HeartbleedHeartbleed
HeartbleedMohammed Danish Amber619 views23 slides
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibilityRyan Dawson840 views44 slides
Intro to Open Cloud InitiativeIntro to Open Cloud Initiative
Intro to Open Cloud InitiativeJohn Mark Walker426 views29 slides
Defcon 27 - The Future of Command and ControlDefcon 27 - The Future of Command and Control
Defcon 27 - The Future of Command and ControlNetskope354 views25 slides

Similar to OWASP DeepViolet TLS/SSL Java API and Tools(20)

LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
Giovanni Bechis1.1K views
API Documentation Workshop tcworld India 2015API Documentation Workshop tcworld India 2015
API Documentation Workshop tcworld India 2015
Tom Johnson2.9K views
HeartbleedHeartbleed
Heartbleed
Mohammed Danish Amber619 views
Identity management and single sign on - how much flexibilityIdentity management and single sign on - how much flexibility
Identity management and single sign on - how much flexibility
Ryan Dawson840 views
Intro to Open Cloud InitiativeIntro to Open Cloud Initiative
Intro to Open Cloud Initiative
John Mark Walker426 views
Defcon 27 - The Future of Command and ControlDefcon 27 - The Future of Command and Control
Defcon 27 - The Future of Command and Control
Netskope354 views
Your Blacklist is Dead: Why the Future of Command and Control is the CloudYour Blacklist is Dead: Why the Future of Command and Control is the Cloud
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
CloudVillage4.2K views
DEF CON 23 - BRENT - white hacking web apps wpDEF CON 23 - BRENT - white hacking web apps wp
DEF CON 23 - BRENT - white hacking web apps wp
Felipe Prado24 views
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
Steve Ivy3.1K views
TechRadarCon 2022 | Have you built your platform yet ?TechRadarCon 2022 | Have you built your platform yet ?
TechRadarCon 2022 | Have you built your platform yet ?
Haggai Philip Zagury18 views
API Documentation -- Presentation to East Bay STC ChapterAPI Documentation -- Presentation to East Bay STC Chapter
API Documentation -- Presentation to East Bay STC Chapter
Tom Johnson473 views
API Documentation presentation to East Bay STC ChapterAPI Documentation presentation to East Bay STC Chapter
API Documentation presentation to East Bay STC Chapter
Tom Johnson2.3K views
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the Tweets
Chris Aniszczyk2.9K views
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats214 views
Tech breakfast 18Tech breakfast 18
Tech breakfast 18
James Leone274 views
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
Tom Eston13K views
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett4.3K views
Introduction to (web) APIs - definitions, examples, concepts and trendsIntroduction to (web) APIs - definitions, examples, concepts and trends
Introduction to (web) APIs - definitions, examples, concepts and trends
Olaf Janssen1.3K views
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
APIsecure_ Official49 views
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
James Wickett609 views

Recently uploaded

The future of digital customer experience is here!The future of digital customer experience is here!
The future of digital customer experience is here!Zoondia7 views6 slides
Managing Remote Developers: Communication, Collaboration, and Team DynamicsManaging Remote Developers: Communication, Collaboration, and Team Dynamics
Managing Remote Developers: Communication, Collaboration, and Team DynamicsAcquaint Softtech Private Limited3 views6 slides
In- Depth Salesforce Consulting Services.pptxIn- Depth Salesforce Consulting Services.pptx
In- Depth Salesforce Consulting Services.pptxCloudaction7 views8 slides
Shopify Custom Development | ChetuShopify Custom Development | Chetu
Shopify Custom Development | ChetuChetu3 views1 slide
Software Solutions for HSE Management in Data Centers.pdfSoftware Solutions for HSE Management in Data Centers.pdf
Software Solutions for HSE Management in Data Centers.pdfASK EHS Engineering & Consultants 15 views7 slides
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作abycyww3 views1 slide

Recently uploaded(20)

The future of digital customer experience is here!The future of digital customer experience is here!
The future of digital customer experience is here!
Zoondia7 views
Managing Remote Developers: Communication, Collaboration, and Team DynamicsManaging Remote Developers: Communication, Collaboration, and Team Dynamics
Managing Remote Developers: Communication, Collaboration, and Team Dynamics
Acquaint Softtech Private Limited3 views
In- Depth Salesforce Consulting Services.pptxIn- Depth Salesforce Consulting Services.pptx
In- Depth Salesforce Consulting Services.pptx
Cloudaction7 views
Shopify Custom Development | ChetuShopify Custom Development | Chetu
Shopify Custom Development | Chetu
Chetu3 views
Software Solutions for HSE Management in Data Centers.pdfSoftware Solutions for HSE Management in Data Centers.pdf
Software Solutions for HSE Management in Data Centers.pdf
ASK EHS Engineering & Consultants 15 views
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作
德国大学假文凭价格?乌尔姆大学毕业证书/学位证加急制作
abycyww3 views
Brochure for Dashboard Folders for JiraBrochure for Dashboard Folders for Jira
Brochure for Dashboard Folders for Jira
Akeles Consulting17 views
美国明尼苏达大学文凭学历样板查看美国明尼苏达大学文凭学历样板查看
美国明尼苏达大学文凭学历样板查看
abycyww3 views
Sales Laundry Multi LocationSales Laundry Multi Location
Sales Laundry Multi Location
Geminate Consultancy Services4 views
Indexing and Query Performance in MongoDB.pdfIndexing and Query Performance in MongoDB.pdf
Indexing and Query Performance in MongoDB.pdf
Malak Abu Hammad8 views
pulsar-platformatory-meetup-2.pptxpulsar-platformatory-meetup-2.pptx
pulsar-platformatory-meetup-2.pptx
Shivji Kumar Jha27 views
办理马来亚大学本科硕士毕业证书学位证办理马来亚大学本科硕士毕业证书学位证
办理马来亚大学本科硕士毕业证书学位证
abycyww4 views
留学未能毕业?如何办理德国亚琛应用技术大学毕业证书认证留学未能毕业?如何办理德国亚琛应用技术大学毕业证书认证
留学未能毕业?如何办理德国亚琛应用技术大学毕业证书认证
vweuwx3 views
Bellen FacebookBellen Facebook
Bellen Facebook
karizmakpor3 views
Celestial Whispers_ A Journey Through Luna's Enchanted Realm.pdfCelestial Whispers_ A Journey Through Luna's Enchanted Realm.pdf
Celestial Whispers_ A Journey Through Luna's Enchanted Realm.pdf
AMB-Review3 views
AttendFy - Attendance Management Solutions for Educational InstitutionsAttendFy - Attendance Management Solutions for Educational Institutions
AttendFy - Attendance Management Solutions for Educational Institutions
Biocube Technologies Inc.12 views
Lecture 02 Software Management Renaissance.pptLecture 02 Software Management Renaissance.ppt
Lecture 02 Software Management Renaissance.ppt
Getahuntigistu53 views
BROCHURE - TT INFOTECHS.pdfBROCHURE - TT INFOTECHS.pdf
BROCHURE - TT INFOTECHS.pdf
Ttinfotechs4 views
ch5.ppt operating systemch5.ppt operating system
ch5.ppt operating system
Sami Mughal3 views
Productivity-Tracking-SoftwareProductivity-Tracking-Software
Productivity-Tracking-Software
Namrata1475874 views

OWASP DeepViolet TLS/SSL Java API and Tools

  1. OWASP DeepViolet TLS/SSL JAVA API & Tools Project Leader Milton Smith Twitter: @deepvioletapi Blog: https://www.securitycurmudgeon.com/ Black Hat EU 2016 London Tools Arsenal
  2. What is DeepViolet? TLS/SSL scanning API 2 reference cases demonstrating API Command line tool & desktop application
  3. Why Build DeepViolet? Why build DeepViolet(DV)? I did not set out to build a tool for the public. DV was a learning tool for me. Heartbleed was in the popular press, I wanted to learn more about underlying TLS/SSL protocols. When I finished the original code I posted it to my github site. I was approached several times to add improvements to DV. Asked others why they liked it. Most common answer is that there are few available choices for libraries that provide TLS/SSL scanning features for applications. Great tools exist today like OpenSSL, Qualys SSL Server Test, Mozilla Observatory, etc. Yes, my favorites as well. No intention to compete with any tools.
  4. What Can DeepViolet API/Tools Do? Identify Weak Server Cipher Suites Identity Weak Signature Algorithms Identity Certificates About to Expire Print X.509 Certificates & Metadata Print Trust Chains Print Trust Status, Trusted or Not Trusted And more…
  5. Getting Started with the API IDSession session = DVFactory.initializeSession(url); IDVOnEng eng = DVFactory.getIDVOnEng(session); // Get certificates, ciphersuites, print some reports… // Review unit tests in com.mps.deepviolet.test.api to get started…
  6. DeepViolet Desktop Application 1) Provide a URL and Click 2) Report is generated 3) Save report to disk Easy as that. Adapt as needed.
  7. DeepViolet Command Tool 1) Try a command line like this, java -jar dvCMD.jar -serverurl https://www.google.com/ -s hrcisn 2) Report is generated 3) Redirect output to file or pipe to grep to search certificate metadata Easy as that. Adapt as needed.
  8. Additional References OWASP Project Site: https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner GitHub Site: https://github.com/spoofzu/DeepViolet Download: https://github.com/spoofzu/DeepViolet/releases Follow Online: twitter, @deepvioletapi
  9. ;o)