09 October 2007 | 2,720 views

SSA Version 1.5.2 – OVAL Vulnerability Assessment Software

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

  • OVAL-compatible product
  • SCAP (Security Content Automation Protocol)
  • Perform a deep inventory audit on installed softwares and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missed patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

Changelog for v.1.5.2

  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol)
  • SSA now supports scan for missed patches (using SCAP format)
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions

Download it here:

SSA Version 1.5.2

Or read more here.


Tags: , , , , , , , , ,
# Posted in: Exploits/Vulnerabilities, Security Software | * 3 Comments


Recent in Exploits/Vulnerabilities:
- Evernote Hacked – ALL Users Required To Reset Passwords
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
- Weevely – PHP Stealth Tiny Web Shell

Related Posts:
- SSA Version 1.5.2 – OVAL Vulnerability Assessment Software
- SSA 1.5.1 – Security System Analyzer an OVAL Based Scanner
- SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 218,642 views
- AJAX: Is your application secure enough? - 117,840 views
- eEye Launches 0-Day Exploit Tracker - 84,870 views


3 Responses to “SSA Version 1.5.2 – OVAL Vulnerability Assessment Software”

  1. dre 25 October 2007 at 1:31 am Permalink

    qualys has integrated oval support into their product.

    i find that the avdl support in webinspect is much more mature, and i wish that other products would support this… although oval support isn’t that bad of an idea either

  2. fazed 30 October 2007 at 5:47 pm Permalink

    I have to agree with dre..

  3. dre 31 October 2007 at 5:46 am Permalink

    There is a ton of information about OVAL on these forums.

    I’m reconsidering what I said earlier about OVAL after looking at the MITRE integration overall. I’m also reconsidering AVDL because it turns out that WebInspect hasn’t even supported it themselves all year.

    For example, check out this presentation by Bob Martin on CWE. On slide 15 (second to last slide), he shows how XCCDF and OVAL can be used as knowledge repositories to bring data to/from operations security management processes.