From: Nathan Einwechter (nathan@ontologystream.com)
Date: Wed Dec 07 2005 - 12:47:30 EST
Chris:
<snip>
However, i need to include a vulnerabilty database but the soft could be
very slow by scanning the DB.
Is anyone could help me please ?
</snip>
Instead of a vulnerability database that you build yourself, consider
using XML and implementing the OVAL (http://oval.mitre.org) definitions
for finding vulnerabilities.
Advantages - It's XML, you can write your own tests easily, it's
supported by a decent sized community, supports multiple tests on OS and
contains a ton of vulnerabilities already. It's also a recognizable and
verifiable standard, and you can even get your product OVAL certified
fairly easily.
I just finished an implementation of a vulnerability scanning system for
forensics (so we can do vuln scans in a forensic way, remotely, on live
systems, or on images of systems). I used OVAL for this project and it's
working beautifully. It definitely made my job easier. It also allows me
to update my product from the community contributions regularly.
-- Nathan
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:14 EDT