Penetration Testing mailing list archives
RE: Attack trees
From: "Nathan Einwechter" <nathan () ontologystream com>
Date: Wed, 7 Dec 2005 12:47:30 -0500
Chris: <snip> However, i need to include a vulnerabilty database but the soft could be very slow by scanning the DB. Is anyone could help me please ? </snip> Instead of a vulnerability database that you build yourself, consider using XML and implementing the OVAL (http://oval.mitre.org) definitions for finding vulnerabilities. Advantages - It's XML, you can write your own tests easily, it's supported by a decent sized community, supports multiple tests on OS and contains a ton of vulnerabilities already. It's also a recognizable and verifiable standard, and you can even get your product OVAL certified fairly easily. I just finished an implementation of a vulnerability scanning system for forensics (so we can do vuln scans in a forensic way, remotely, on live systems, or on images of systems). I used OVAL for this project and it's working beautifully. It definitely made my job easier. It also allows me to update my product from the community contributions regularly. -- Nathan ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Attack trees Christophe Herault (Dec 07)
- RE: Attack trees Nathan Einwechter (Dec 07)
- RE: Attack trees Rocky (Dec 07)
- <Possible follow-ups>
- Re: Attack trees mjacobs . 1 (Dec 08)
- Re: Re: Attack trees Terry . Ingoldsby (Dec 09)