Server Crash » « Storm Worm Descends on Blogspot 
SSA Version 1.5.2 – OVAL Vulnerability Assessment Software
Darknet spilled these bits on October 9th 2007 @ 8:44 pm

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

  • OVAL-compatible product
  • SCAP (Security Content Automation Protocol)
  • Perform a deep inventory audit on installed softwares and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missed patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

Changelog for v.1.5.2

  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol)
  • SSA now supports scan for missed patches (using SCAP format)
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions

Download it here:

SSA Version 1.5.2

Or read more here.

Tags:  ,  ,  ,  ,  ,  ,  ,  ,  ,  

rss Subscribe to Darknet RSS Feed rss

Stored in: Exploits/Vulnerabilities, Security Software

Related Posts:
- SSA Version 1.5.2 – OVAL Vulnerability Assessment Software
- SSA 1.5.1 – Security System Analyzer an OVAL Based Scanner
- SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner
- Penetration Testing vs Vulnerability Assessment
- OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)
- Vulnerability Assessment and Operational Security Testing Methodology (VAOST) – version 0.2 released

| 1,767 views |

comments are closed
  1. dre
    October 25th, 2007 | 1:31 am

    qualys has integrated oval support into their product.

    i find that the avdl support in webinspect is much more mature, and i wish that other products would support this… although oval support isn’t that bad of an idea either

  2. fazed
    October 30th, 2007 | 5:47 pm

    I have to agree with dre..

  3. dre
    October 31st, 2007 | 5:46 am

    There is a ton of information about OVAL on these forums.

    I’m reconsidering what I said earlier about OVAL after looking at the MITRE integration overall. I’m also reconsidering AVDL because it turns out that WebInspect hasn’t even supported it themselves all year.

    For example, check out this presentation by Bob Martin on CWE. On slide 15 (second to last slide), he shows how XCCDF and OVAL can be used as knowledge repositories to bring data to/from operations security management processes.

Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This