OpenVAS release 2.0.0 available

18 December 2008

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications.

The main changes

Initial OVAL Support: OpenVAS 2.0.0 introduces preliminary support for OVAL, the Open Vulnerability and Assessment Language. OVAL is an international, information security, community standard to promote open, standardized and publicly available security content. The OpenVAS server can now execute OVAL files just like its own Network Vulnerability Tests (NVTs) using the OVAL definitions interpreter "ovaldi". While the plain ovaldi tool can only check local systems where it is installed, the combination with OpenVAS enables ovaldi to test any target system for which OpenVAS has collected information. OpenVAS 2.0.0 includes readily available support for Red Hat Enterprise Linux security announcements as published in OVAL format. OVAL support will expand to further platforms.
OpenVAS Transfer Protocol (OTP): A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in numerous improvements and fixes and lead to the OpenVAS Transfer Protocol (OTP). Since NTP support was dropped entirely, the 1.0 and 2.0 series of OpenVAS Server and Client can not operate in mixed mode.
Object Identifiers (OIDs): In order to make identifying individual NVTs easier, OpenVAS adopted an OID-based numbering scheme for NVTs. OIDs in OpenVAS will start with the prefix 1.3.6.1.4.1.25623, backward compatibility in server and client has been ensured.
64-bit Support: Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0 is expected be fully 64-bit compatible.
Improved GUI Client: The OpenVAS-Client has seen a number of improvements and is now able to display NVT signature information in the GUI and in the various reports. Reporting has been improved as well as localization for various languages (best support in this order: German, Spanish/French, Swedish, Hebrew, Croatian).
Bugfixes: Any spotted bugs have been fixed. Please refer to the CHANGES files supplied with the individual modules for details.
Code Audit: A large amount of outdated or unused code has been identified and removed or replaced.

Post scriptum

Download

Compliance Mandates

Vulnerability Scanner :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

OpenVAS	24 December 2009 : OpenVAS 3.0 released 10 October 2009 : OpenVAS 3.0 BETA released 2 April 2009 : AutoNessus v1.3.0 supports OpenVAS 20 March 2009 : OpenVAS updates 18 December 2008 : OpenVAS release 2.0.0 available
Vulnerability Scanner	12 May 2010 : Complemento v0.7.6 - Collection of Tools 10 May 2010 : SQLNinja v0.2.5 released! 26 April 2010 : Acunetix WVS v6.5 build 20100419 released 22 April 2010 : OpenSCAP v0.5.9 released 20 April 2010 : Sandcat v4.0 released

OpenVAS release 2.0.0 available

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU