>> My current line of work is automating security scans for printers. I am familiar with NASL but was going to skip writing plugins in that if OVAL was the future. I am assuming this forum will announce when we are able to proceed with the prototype code. I am comfortable with SVN branch and trunk development so I will keep an eye out for it.
>What I learned about OVAL so far is that doing more complex vulnerability tests is getting hard if not impossible. >Most OVAL content I see is about patch level testing and policies. We are using OVAL extensively for endpoint vulnerability/configuration assessments and confidently I can say we develop all sorts of vulnerability tests. But, OVAL is meant to be a language to do endpoint security assessments by being on the endpoint or using authenticated scans to remote endpoints. It is not for the purpose of remotely assessing a vulnerability by crafting and sending some type of packets. I would assume, for printers, you'll be doing the latter. So, NASL is the best bet for that purpose. Thanks, Chandra. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
