On Dienstag, 19. Mai 2009, Geoff Galitz wrote:
> I have been contemplating putting together a web accessible database to
> catalogue nasl files and related files. Any recognizable property would be
> included in the db. For example:
>
> - descriptions
> - CVE identifiers
> - vendor specific identifiers
> - is this a local or remote check?
> - script family
> - and so on...
I was planning already a sqlite-based DB for this with the intention to replace
the cache files. Of course the same DB could be used on the client-side as well
:-)
> Perhaps adding a text search for the nasl scripts is good idea, too.
> Particularly if you are not exactly clear on what you are looking for as a
> developer or user or if you need to identify certain functions or system
> calls in the event they are deprecated and need to change to remain
> compatible (speaking from past experience).
SQL would deliver all the search methods you dream of ;-)
> This is relevant for the Top20 discussion because a filter could be
> implemented pretty easily to identify these vulnerabilities and create an
> up-to-date scanning profile.
I don't think SANS Top 20 is something to solve with scan profiles.
I rather think of a NASL skript to coordinate the SANS Top 20.
Greenbone implemented a prototype for this method for the german
GSHB already.
> I currently don't have a lot of time to devote to new projects at this
> moment, but if folks think this would be useful (and not redundant) I'd
> explore doing this. If someone out there would be willing to fund such a
> project... then I could certainly move it up the list of priorities.
I'd be interested in gathering a small team to work on the sqlite DB
approach :-)
However, first we need a good data model.
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
