09 October 2007 | 2,744 views

SSA Version 1.5.2 – OVAL Vulnerability Assessment Software

Don't let your data go over to the Dark Side!

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

  • OVAL-compatible product
  • SCAP (Security Content Automation Protocol)
  • Perform a deep inventory audit on installed softwares and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missed patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

Changelog for v.1.5.2

  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol)
  • SSA now supports scan for missed patches (using SCAP format)
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions

Download it here:

SSA Version 1.5.2

Or read more here.


Recent in Exploits/Vulnerabilities:
- PayPal Remote Code Execution Vulnerability Patched
- Fortinet SSH Backdoor Found In Firewalls
- Facebook Disabled Flash For Video Finally

Related Posts:
- SSA 1.5.1 – Security System Analyzer an OVAL Based Scanner
- SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner
- Penetration Testing vs Vulnerability Assessment

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 233,118 views
- AJAX: Is your application secure enough? - 119,820 views
- eEye Launches 0-Day Exploit Tracker - 85,360 views

Low-cost VPS Hosting

3 Responses to “SSA Version 1.5.2 – OVAL Vulnerability Assessment Software”

  1. dre 25 October 2007 at 1:31 am Permalink

    qualys has integrated oval support into their product.

    i find that the avdl support in webinspect is much more mature, and i wish that other products would support this… although oval support isn’t that bad of an idea either

  2. fazed 30 October 2007 at 5:47 pm Permalink

    I have to agree with dre..

  3. dre 31 October 2007 at 5:46 am Permalink

    There is a ton of information about OVAL on these forums.

    I’m reconsidering what I said earlier about OVAL after looking at the MITRE integration overall. I’m also reconsidering AVDL because it turns out that WebInspect hasn’t even supported it themselves all year.

    For example, check out this presentation by Bob Martin on CWE. On slide 15 (second to last slide), he shows how XCCDF and OVAL can be used as knowledge repositories to bring data to/from operations security management processes.