OWASP - User contributions [en]

OWASP DeepViolet TLS/SSL Scanner

2018-07-26T17:21:47Z

Miltonsmith: /* News and Events */

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| style="padding-left:25px;width:200px;" valign="top" |

== Project Leader(s) ==

Milton Smith<br />
[https://www.securitycurmudgeon.com/ blog] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [24 Jul 2018] SecurityOnline.info: OWASP DeepViolet TLS/SSL API
* [Jun 8, 2018] DV at [https://www.blackhat.com/us-18/arsenal/schedule/index.html#deepviolet-ssltls-scanning-api-38-tools-10724 Blackhat 2018 USA]
* [Jun 8, 2018] Significant updates to DV and DeepVioletTools code
* [27 September 2017] [https://www.elementarydigital.co.uk/the-best-ssl-troubleshooting-tools-to-test-out/ Elementary: The Best SSL Troubleshooting Tools to Test Out]
* [1 June 2017] ZAP's HttpsInfo addon leveraging DeepViolet has been released (v9) [http://bit.ly/2r6mmBj More]
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2018-06-08T21:40:06Z

Miltonsmith: Clean up page

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| style="padding-left:25px;width:200px;" valign="top" |

== Project Leader(s) ==

Milton Smith<br />
[https://www.securitycurmudgeon.com/ blog] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [Jun 8, 2018] DV at [https://www.blackhat.com/us-18/arsenal/schedule/index.html#deepviolet-ssltls-scanning-api-38-tools-10724 Blackhat 2018 USA]
* [Jun 8, 2018] Significant updates to DV and DeepVioletTools code
* [27 September 2017] [https://www.elementarydigital.co.uk/the-best-ssl-troubleshooting-tools-to-test-out/ Elementary: The Best SSL Troubleshooting Tools to Test Out]
* [1 June 2017] ZAP's HttpsInfo addon leveraging DeepViolet has been released (v9) [http://bit.ly/2r6mmBj More]
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2018-06-08T21:38:50Z

Miltonsmith: Added recent news

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| style="padding-left:25px;width:200px;" valign="top" |

== Project Leader(s) ==

Milton Smith<br />
[https://www.securitycurmudgeon.com/ blog] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [Jun 8, 2018] DV at [https://www.blackhat.com/us-18/arsenal/schedule/index.html#deepviolet-ssltls-scanning-api-38-tools-10724 Blackhat 2018 USA]
* [Jun 8, 2018] Significant updates to DV and DeepVioletTools code
* [27 September 2017] [https://www.elementarydigital.co.uk/the-best-ssl-troubleshooting-tools-to-test-out/ Elementary: The Best SSL Troubleshooting Tools to Test Out]
* [1 June 2017] ZAP's HttpsInfo addon leveraging DeepViolet has been released (v9) [http://bit.ly/2r6mmBj More]
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2018-03-26T05:06:40Z

Miltonsmith: Updated news

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| style="padding-left:25px;width:200px;" valign="top" |

== Project Leader(s) ==

Milton Smith<br />
[https://www.securitycurmudgeon.com/ blog] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [27 September 2017] [https://www.elementarydigital.co.uk/the-best-ssl-troubleshooting-tools-to-test-out/ Elementary: The Best SSL Troubleshooting Tools to Test Out]
* [1 June 2017] ZAP's HttpsInfo addon leveraging DeepViolet has been released (v9) [http://bit.ly/2r6mmBj More]
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| rowspan="2" valign="top" width="50%" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| valign="top" width="50%" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| valign="top" width="50%" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

Milton Smith 2017 Bio & Why Me?

2017-09-18T20:35:55Z

Miltonsmith: Update bio

'''Why Me?:'''
OWASP is uniquely qualified to influence the industry while providing technical resources to defend against the next generation of Internet threats. As a security principal at Oracle, and previous security leader of the Java platform, I’m no stranger to big challenges. I'm interested to be elected to the board and help OWASP increase it's relevancy throughout the world. Also importantly, to assist OWASP work through it's growing pains as an evolving organization.

'''About Milton:'''
Milton Smith (California, USA) leads product security for the NetSuite division at Oracle. Previously Milton was security leader for the Java platform engineering group at Oracle. Outside the company, Milton is the project leader for two OWASP projects. Milton is solo leader/developer on [https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner OWASP DeepViolet TLS/SSL scanning API]. DeepViolet is important since it provides the TLS/SSL scanning capabilities for the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Flagship project ZAP]. Milton also a co-leader on the [https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]. During collaboration on the web application security book project, [http://a.co/4dgnhRO Iron-Clad Java: Building Secure Web Applications] many powerful ideas around software logging were discussed that could not be covered in print. To explore these ideas further, [https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project] was born. Previous employers include companies like Yahoo and SuccessFactors. For more information visit, [https://www.securitycurmudgeon.com/about securitycurmudgeon.com/about].

User:Miltonsmith

2017-08-30T03:54:30Z

Miltonsmith: Update bio

Milton Smith (California, USA) leads product security for the NetSuite division at Oracle. Previously Milton was security leader for the Java platform engineering group. Outside the company, Milton is the project leader for both the [https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner OWASP DeepViolet TLS/SSL scanning API] and [https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging] Projects. Previous employers include companies like Yahoo and SuccessFactors. For more information visit, [https://www.securitycurmudgeon.com/about securitycurmudgeon.com/about].

Milton Smith 2017 Bio & Why Me?

2017-08-30T03:52:51Z

Miltonsmith: Update bio

Milton Smith 2017 Bio & Why Me?

2017-08-30T03:52:20Z

Miltonsmith: Update bio

Milton Smith 2017 Bio & Why Me?

2017-08-10T22:01:39Z

Miltonsmith: Added links

Milton Smith

'''About Milton:'''
Milton Smith (California, USA) leads product security for the NetSuite division at Oracle. Previously Milton was security leader for the Java platform engineering group. Outside the company, Milton is the project leader for both the [https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner OWASP DeepViolet TLS/SSL scanning API] and [https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging] Projects. Previous employers include companies like Yahoo and SuccessFactors. For more information visit, [https://www.securitycurmudgeon.com/ securitycurmudgeon.com] or follow Milton on Twitter([https://twitter.com/spoofzu @spoofzu]).

'''Why Me?:'''
Today strong product security claims are less frequently accepted at face value. When product security incidents occur, businesses and governments provide excuses like: “hackers are becoming more sophisticated”, “security is too difficult a problem to solve”, or “everyone has bugs.” However, as the number and severity of security incidents continues to rise, public patience for trite excuses grows weary. The public is increasingly demanding more accountability from business leaders and governments around product security. As leaders transition from an era of plausible deniability to one of accountability, OWASP is uniquely qualified to influence the industry while providing technical resources to defend against the next generation of Internet threats.

As a security principal at Oracle, and previous security leader of the Java platform, I’m no stranger to big challenges. I'm interested to be elected to the OWASP board and help OWASP increase it's relevancy throughout the world. My [https://www.securitycurmudgeon.com/about blog About] page describes specific industry contributions, contribution to OWASP events, etc.

Milton Smith 2017 Bio & Why Me?

2017-08-10T21:39:22Z

Miltonsmith: update

Milton Smith

'''About Milton:'''
Milton Smith (California, USA) leads product security for the NetSuite division at Oracle. Previously Milton was security leader for the Java platform engineering group. Outside the company, Milton is the project leader for both the OWASP DeepViolet TLS/SSL scanning API and OWASP Security Logging Projects. Previous employers include companies like Yahoo and SuccessFactors. For more information visit, securitycurmudgeon.com or follow Milton on Twitter(@spoofzu).

'''Why Me?:'''
Today strong product security claims are less frequently accepted at face value. When product security incidents occur, businesses and governments provide excuses like: “hackers are becoming more sophisticated”, “security is too difficult a problem to solve”, or “everyone has bugs.” However, as the number and severity of security incidents continues to rise, public patience for trite excuses grows weary. The public is increasingly demanding more accountability from business leaders and governments around product security. As leaders transition from an era of plausible deniability to one of accountability, OWASP is uniquely qualified to influence the industry while providing technical resources to defend against the next generation of Internet threats.

As a security principal at Oracle, and previous security leader of the Java platform, I’m no stranger to big challenges. I'm interested to be elected to the OWASP board and help OWASP increase it's relevancy throughout the world.

Milton Smith 2017 Bio & Why Me?

2017-08-09T18:35:31Z

Miltonsmith: Update bio

Milton Smith

'''About Milton:'''
Milton Smith (California, USA) leads product security for the NetSuite division at Oracle. Previously Milton was security leader for the Java platform engineering group. Outside the company, Milton is the project leader for both the OWASP DeepViolet TLS/SSL scanning API and OWASP Security Logging Projects. Previous employers include companies like Yahoo and SuccessFactors. For more information visit, securitycurmudgeon.com or follow Milton on Twitter(@spoofzu).

'''Why Me?:'''
Today strong product security claims are less frequently accepted at face value. When product security incidents occur, businesses and governments provide excuses like: “hackers are becoming more sophisticated”, “security is too difficult a problem to solve”, or “everyone has bugs.” However, as the number and severity of security incidents continues to rise, public patience for trite excuses grows weary. The public is increasingly demanding more accountability from business leaders and governments around product security. As leaders transition from an era of plausible deniability to accountability, they search for solutions and broaden their investments. OWASP is uniquely qualified to provide the guidance and resources to defend against the next generation of Internet threats.

As a security principal at Oracle, and previous security leader of the Java platform, I’m no stranger to big challenges. I'm interested to be elected to the OWASP board and help OWASP increase it's relevancy throughout the world.

OWASP DeepViolet TLS/SSL Scanner

2017-06-07T16:58:04Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[https://www.securitycurmudgeon.com/ blog ] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [1 June 2017] ZAP's HttpsInfo addon leveraging DeepViolet has been released (v9) [http://bit.ly/2r6mmBj More]
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2017-05-26T04:35:48Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[https://www.securitycurmudgeon.com/ blog ] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [25 May 2017] DeepViolet Beta 5.0.2 available for download, See [https://github.com/spoofzu/DeepViolet/releases/tag/5.0.2 release notes] for detail.
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-11-10T18:57:20Z

Miltonsmith: /* News and Events */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[https://www.securitycurmudgeon.com/ blog ] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [10 November 2016] SlideShare, [http://www.slideshare.net/MiltonSmith6/owasp-deepviolet-tlsssl-java-api-and-tools BlackHat 2016 EU Slide Deck]
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

File:Dvui.jpg

2016-11-10T15:21:44Z

Miltonsmith: Photo of desktop application reference case for DeepViolet API project.

Photo of desktop application reference case for DeepViolet API project.

File:Dvcmd.png

2016-11-10T15:18:58Z

Miltonsmith: Photo of the command line options for DeepViolet API project command line reference case.

Photo of the command line options for DeepViolet API project command line reference case.

OWASP DeepViolet TLS/SSL Scanner

2016-11-04T23:46:36Z

Miltonsmith: Update news and events

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[https://www.securitycurmudgeon.com/ blog ] [https://twitter.com/spoofzu/ twitter] [mailto:milton.smith@owasp.org email]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [22 October 2016] Peerlyst, [https://www.peerlyst.com/posts/ssl-tls-session-introspection-deepviolet-cyberpunk SSL TLS Session Introspection: DeepViolet]
* [2 September 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [22 April 2016] Oracle Blogs, [https://blogs.oracle.com/java-platform-group/entry/javaone_2016_call_for_proposals JavaOne 2016 Call for Proposals]
* [6 April 2016] Sans Institute, [https://www.sans.org/reading-room/whitepapers/auditing/defending-weaponization-trust-defense-in-depth-assessment-tls-37145 Defending Against the Weaponization of Trust: Defense in Depth Assessment of TLS]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-10-18T19:55:48Z

Miltonsmith: /* Project Leader(s) */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [https://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-14T17:11:05Z

Miltonsmith: /* OWASP DeepViolet TLS/SSL API Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project and Tools==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-14T17:10:23Z

Miltonsmith: /* OWASP DeepViolet TLS/SSL Scanning API Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-13T02:10:46Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanning API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

=Roadmap=

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-13T02:08:33Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanning API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-12T22:52:50Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanning API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

Twitter: [https://twitter.com/deepvioletapi @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-12T22:51:05Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanning API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

[https://twitter.com/deepvioletapi Twitter: @DeepVioletAPI]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-10T18:05:00Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanning API Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-09T18:44:15Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T21:42:02Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T21:40:19Z

Miltonsmith: /* News and Events */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.
* [2 Sep 2016] Improving documentation and [https://github.com/spoofzu/DeepViolet/issues/5 roadmap for Beta5].
|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T21:37:37Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T21:36:17Z

Miltonsmith: /* Road Map and Getting Involved */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

''Additional FAQ's can be found on the projects [https://github.com/spoofzu/DeepViolet/wiki/Frequently-Asked-Questions GitHub FAQ area].''

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''For information about contributing see DeepViolet's [https://github.com/spoofzu/DeepViolet/wiki/Contributing Contributing page] on GitHub.''

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:37:00Z

Miltonsmith: /* Roadmap */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

''Additional FAQ's can be found on the projects [https://github.com/spoofzu/DeepViolet/wiki/Frequently-Asked-Questions GitHub FAQ area].''

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

''See GitHub for further details.''

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:34:51Z

Miltonsmith: /* Acknowledgements */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

''Additional FAQ's can be found on the projects [https://github.com/spoofzu/DeepViolet/wiki/Frequently-Asked-Questions GitHub FAQ area].''

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributors are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:34:16Z

Miltonsmith: /* FAQs */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

''Additional FAQ's can be found on the projects [https://github.com/spoofzu/DeepViolet/wiki/Frequently-Asked-Questions GitHub FAQ area].''

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributions are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:33:54Z

Miltonsmith: /* FAQs */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

Additional FAQ's can be found on the projects [https://github.com/spoofzu/DeepViolet/wiki/Frequently-Asked-Questions GitHub FAQ area].

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributions are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:32:45Z

Miltonsmith: /* How can I participate in your project? */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
Inform a Project Leader how you wish to contribute, your level of intended commitment, and how what you want to do aligns with project goals and milestones. There are many different ways you can contribute to an OWASP Project and communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributions are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T20:29:01Z

Miltonsmith: /* Acknowledgements */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

Code is not the only way to contribute but code contributions are found on [https://github.com/spoofzu/DeepViolet/network/members GitHub Members].

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T19:29:25Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/Source Code] | [https://github.com/spoofzu/DeepViolet/releases Binaries] | [https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group], ask questions

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-02T19:27:28Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://groups.google.com/forum/#!forum/deepviolet-development DeepViolet Dev Group]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-01T04:02:42Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5)]

[https://github.com/spoofzu/DeepViolet/issues/6 Unscheduled Features]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-01T04:02:24Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://spoofzu.github.io/DeepViolet/ API JavaDocs]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5 Road Map(Beta 5]

[https://github.com/spoofzu/DeepViolet/issues/6 Unscheduled Features]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-01T04:00:31Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://spoofzu.github.io/DeepViolet/, API JavaDocs]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5, Road Map]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-09-01T03:59:22Z

Miltonsmith: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]

[https://github.com/spoofzu/DeepViolet/issues/5, Road Map]

==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:57:37Z

Miltonsmith: /* OWASP DeepViolet TLS/SSL Scanner Code Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:50:55Z

Miltonsmith: /* How is DeepViolet Helpful? */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning library/tool written in Java. Use DeepViolet from the command line in your own *nix or Windows scripts. Alternatively, use the graphical user interface to scan HTTPS web servers from your desktop or include the DeepViolet API to include TLS/SSL scanning in your applications. Check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:47:43Z

Miltonsmith: /* How is DeepViolet Helpful? */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning library/tool written in Java. Use DeepViolet from the command line in your own *nix or Windows scripts. Alternatively, use the graphical user interface to scan HTTPS web servers from your desktop or include the DeepViolet API to include TLS/SSL scanning in your applications. Check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/, OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, I wrote DeepViolet was written as an educational tool. A tool to TLS/SSL protocols better and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL knowledge and provide other scanning projects with a Java solution with friendly licensing - DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:46:52Z

Miltonsmith:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning library/tool written in Java. Use DeepViolet from the command line in your own *nix or Windows scripts. Alternatively, use the graphical user interface to scan HTTPS web servers from your desktop or include the DeepViolet API to include TLS/SSL scanning in your applications. Check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/,OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, I wrote DeepViolet was written as an educational tool. A tool to TLS/SSL protocols better and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL knowledge and provide other scanning projects with a Java solution with friendly licensing - DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+

Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:45:33Z

Miltonsmith: /* Requirements */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning library/tool written in Java. Use DeepViolet from the command line in your own *nix or Windows scripts. Alternatively, use the graphical user interface to scan HTTPS web servers from your desktop or include the DeepViolet API to include TLS/SSL scanning in your applications. Check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/,OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, I wrote DeepViolet was written as an educational tool. A tool to TLS/SSL protocols better and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL knowledge and provide other scanning projects with a Java solution with friendly licensing - DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+
Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

OWASP DeepViolet TLS/SSL Scanner

2016-08-31T18:45:05Z

Miltonsmith: Change home page. Include the DV why story.

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP DeepViolet TLS/SSL Scanner Code Project==

DeepViolet is a TLS/SSL scanning library/tool written in Java. Use DeepViolet from the command line in your own *nix or Windows scripts. Alternatively, use the graphical user interface to scan HTTPS web servers from your desktop or include the DeepViolet API to include TLS/SSL scanning in your applications. Check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and more.

==How is DeepViolet Helpful?==

Already great tools exist today for TLS/SSL scanning like, [https://www.ssllabs.com/ssltest/index.html, Qualys Labs], [https://observatory.mozilla.org/, Mozilla Observatory], [https://www.openssl.org/,OpenSSL]. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, I wrote DeepViolet was written as an educational tool. A tool to TLS/SSL protocols better and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL knowledge and provide other scanning projects with a Java solution with friendly licensing - DeepViolet project was born.

==Licensing==

This library is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License, Version 2.0]. You can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Quick Start ==

See project [https://github.com/spoofzu/DeepViolet GitHub home page]

== Project Resources ==

[https://github.com/spoofzu/DeepViolet Source Code]

[https://github.com/spoofzu/DeepViolet/releases Release Binaries]

[https://github.com/spoofzu/DeepViolet/issues Issue Tracker]



==Requirements==

Java SE 8+
Tested on OS X and Windows

| valign="top" style="padding-left:25px;width:200px;" |

== Project Leader(s) ==

Milton Smith<br/>
[mailto:milton.smith@owasp.org email] [https://twitter.com/spoofzu/ twitter] [http://www.securitycurmudgeon.com/ blog ]

== Related Projects ==
[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]

[https://www.owasp.org/index.php/OWASP_Security_Logging_Project OWASP Security Logging Project]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

== News and Events ==
* [17 May 2016] Beta4 Release Candidate is available for download. See [https://github.com/spoofzu/DeepViolet/releases/tag/1.4.000 release notes] for detail.

|}

=FAQs=
Following are various frequently asked questions.

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Many Thanks==

Many thanks around negotiating TLS/SSL handshake and cipher suite handling adapted from code examples by Thomas Pornin [mailto://pornin@bolet.org/ email]

==Volunteers==

None yet. Fame, fortune, and security glory is within your grasp.

= Road Map and Getting Involved =

==Roadmap==

This project is operational and includes a number of powerful features. The roadmap is managed via the projects GitHub site, [https://github.com/spoofzu/DeepViolet/issues DeepViolet Roadmap]. Project roadmap is tracked as GitHub project issues and labeled accordingly. For example, at the time of this writing an issue has been created for Beta5 which is labeled, ''Beta5 Proposed Features/Roadmap''.

==Getting Involved==
You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the <strong>Code Project Template</strong> into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Build Management===
Are you a GitHub ninja? Into build management, setting up GitHub badges, Travis CI, etc. Let us know if you can offer your help.
===Feedback===
We are open to any thoughts you have to improve DeepViolet. When you propose your idea be sure to include how you can help. Ideas are great but execution is king. Please send your comments or ideas to the project leader(s) or post it as a [https://github.com/spoofzu/DeepViolet/issues project issue].

=Project About=

{{Template:Project About
| project_name = DeepViolet
| project_description = TLS/SSL scanning tool for the command line, desktop, and API to include in your programs.
| project_license = [https://github.com/spoofzu/DeepViolet/blob/master/LICENSE Apache License 2.0]
| leader_name1 = Milton Smith
| leader_email1 = milton.smith@owasp.org
| leader_username1 = [https://www.owasp.org/index.php/User:Miltonsmith Miltonsmith]
| mailing_list_name =[https://lists.owasp.org/mailman/listinfo/deepviolet https://lists.owasp.org/mailman/listinfo/deepviolet]
}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]]

Milton Smith 2016 Bio & Why Me?

2016-08-30T19:29:18Z

Miltonsmith: change to bio

'''About Milton:'''

Milton Smith (California) is an application security security principal at Oracle working strategically to improve application security. Milton is also a project leader for both the OWASP Security Logging Project and the DeepViolet for SSL/TLS scanner project. Prior to Oracle, Milton lead security for Yahoo's User Data Analytics property. For more information visit, securitycurmudgeon.com or follow Milton on Twitter(@spoofzu).

'''Why I would like to be elected to the Global OWASP Foundation Board of Directors'''

Many organizations throughout industry struggle with security. In fact, hardly a day passes without news of serious exploitation. Many outside our industry feel security is hopeless no matter how much investment is applied. As application security professionals we know this is not true. Security can be so much better than it is today! We don’t fail because we fall short on ideas for positive improvement. We fall short on resources and implementation. Many industries don’t invest in application security to a level commensurate with their risk and exposure. The auto industry does not get to decide if cars will include seat belts or air bags. Business owners don’t get to decide if buildings will include fire alarms and sprinkler systems. We don’t leave these decisions to organization executives. Application security must be treated similarly. It’s my strong desire to influence industry in ways encouraging more positive security outcomes for organizations and security practitioners.

Talk:Session Management Cheat Sheet

2016-08-27T15:57:19Z

Miltonsmith: Session ID Name Fingerprinting

I'm in the process of reviewing and working on some session management and came across your cheat sheet. I think you should consider dropping the section, "Session ID Name Fingerprinting". My reason, is that I don't believe it's very practical advice for most people. The session identifiers like, "JSESSIONID" are dictated by industry standards and driven by implementation. Perhaps you have another point your trying to make but I missed it. By the way, I like your session management cheat sheet and consider it a valuable resource for all developers.