SSA 1.6 Beta 2 released

by

In: Configurations checks , Local auditing , SSA , Vulnerability Management

14 April 2008

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

  • OVAL-compatible product
  • Fully support of open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
  • Perform a deep inventory audit on installed softwares and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missed patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

SSA 1.6 beta 2 just released

Changelog

  • Updated OVAL Security Check Plugin to support OVAL 5.4 schema
  • Proxy support of NTLM authentication
  • Reported Bugs fixed
  • Draft documentation delayed (sorry guys, we’ve urged to release beta 2 to fix errors generated with OVAL 5.3 schema)

Next Beta 3 roadmap :

  • Full support of CRF standard (reporting)
  • Beta release of CCE Security Check Plugin
  • Draft documentation

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Configurations checks
Local auditing
SSA
Vulnerability Management