We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Vulnerabilities OVAL scanner - FIWARE Forge Wiki

Vulnerabilities OVAL scanner

From FIWARE Forge Wiki

Jump to: navigation, search

Contents

Brief description

Nessus is designed to automate the testing and discovery of known security problems, allowing to correct problems before they are exploited. Nessus will be compatible OVAL Through a converter.

Open Vulnerability and Assessment Language (OVAL™) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL™ includes a language used to encode system details, and an assortment of content repositories held throughout the community.

The OVAL language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. Source : oval.mitre.org.

Programming artefacts

Nessus uses a client server technology. Servers can be placed at various strategic points on a network allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers.

Nessus checks database is updated on a daily basis and can be retrieved with the command nessus-update-plugins. Nessus has the ability to detect the remote flaws of the hosts on the network, but their local flaws and missing patches as well.Nessus has the ability to test SSLized services such as https, smtps, imaps, and more.

Nessus has been built so that it can easily scale. Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language) a language designed to write security test easily and quickly. Nessus gives you the choice between performing a regular non-destructive security audit on a routinely basis, or to throw everything you can at a remote host to see how will it withstands attacks from intruders.

The language OVAL standardizes the three main steps of the assessment process : Representing configuration information of systems for testing; Analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.) and Reporting the results of this assessment.

Technologies Used

Open Vulnerability and Assessment Language (OVAL™)

Runtime pre-requisites

Windows and Linux environments

IPR

Nessus is public domain software released under the GPL

Publicly available documentation

http://www.oval.mitre.org

Personal tools
Create a book