SSA Security System Analyzer version 1.6 beta 1 released

SSA (Security System Analyzer) is free, non-intrusive, OVAL-compatible software. It provides security testers and auditors with an advanced overview of the security policy level applied.

Features:

  • OVAL-compatible product
  • Full support of open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
  • Perform a deep inventory audit of installed software and applications
  • Scan and map vulnerabilities using non-intrusive techniques based on schemas
  • Detect and identify missing patches and hotfixes
  • Define a patch management deployment strategy using CVSS scores

New features

  • Full support of open security standards and initiatives, including CVE, CWE, CPE, CCE, CAPEC, CVSS, CRF. Please refer to the Making Security Measurable website.
  • GUI redesigned and reworked
  • Introduced plugin integration and management:

* Many new HOT plugins to be released soon (CCE, Nikto, Nipper...)

  • New SSA core engine designed:

* Introduced a loader to check configurations
* Configurations are stored in XML files
* Enhanced scanning capabilities
* Support for plugin integration
* Advanced exception and error handling

  • OVAL Security Checks Plugin improvements:

* Fast and simple to use
* Verifies the definition files against their MD5 signatures (only from security-database.com)
* Based on the latest OVAL Interpreter 5.3 Build 68
* Scan by category (Inventory, Patch and Vulnerability), in accordance with the new OVAL repository requirements
* The plugin handles only "True" results

  • New Updater plugin:

* Proxy support (currently simple proxies only)
* Definitions can be downloaded from 2 source repositories (security-database.com or oval.mitre.org)
* Downloads only the essential definition files to be used

!!!! Next Beta 2 !!!!

  • New plugin based upon the CCE (Common Configurations Checks) standard.
  • Fix some known bugs (OVAL security checks progress bar could freeze)
  • Add NTLM proxy authentication
  • Activate the new Report plugin in compliance with the CRF (Common Results Format) standard
  • Documentation beta