Vunerability XML vDNA - Security Database IT Watching

vDNA
Version	1.3 Beta
Release	2012.02.10
Download	vDNA.xsd

vDNA List
Version	1.1 Beta
Release	2012.02.10
Download	vDNA_List.xsd

vDNA Exemple
Version	1.0 Beta
Release	2012.02.01
Download	CVE-2009-3135.xml

API Documentations
vDNA Doc	here

Apply to vDNA Private Beta
Beta Stage	here

vDNA - Vunerability DNA by Security-Database

vDNA © is the Security-Database naming scheme that provides structured enumeration of specific detailed description for a Security Alert.

The main goal of vDNA © is to provide to third party system/program/website an easy way to integrate full documented CVE Alert.
Any tool integrating the XML vDNA © scheme will be able to consume, identify and report all data related to a specific vulnerability.

Taking into account the benefits of SecurityMetrics standards principles, vDNA © adopted most of all Open Standards (CVE, CVSS, CPE, CWE, CAPEC, OVAL) aligned with biggest security references as well as OSVDB, Milw0rm, Metasploit and Saint then cross-linked with other vendors (Microsoft bulletin and KB, US-CERT VU-CERT, Debian, Mandriva, Redhat, Cisco, Sun, Ubuntu and Gentoo ) to draw actually the most advanced security CVE feed.

Data Feeds are provided thought Secured (SSL & Encryption) API based Web-Service (served with XML) or Base64 76 Column.

vDNA © provides thoses defaults informations for a given Alert :

Provided (Open Standards)
Common Vulnerability Enumeration : CVE
Common Vulnerability Scoring System : CVSS
Common Patern Enumeration : CPE (mitre.org)
Common Weakness Enumeration : CWE (mitre.org)
Common Attack Pattern Enumeration and Classification : CAPEC (mitre.org)
Open Vulnerability and Assessment Language : OVAL
Open Source Vulnerability Database : OSVDB

Provided (Third Vendors Databases)
Exploits information : Milw0rm
Exploits framework : Metasploit
SAINT vulnerability : SAINT

Related Open-Source Alerts	Related Vendors Alerts
Debian	Microsoft Bulletins (MSXX-XXX)
Mandriva	Microsoft KB (Security-Advisories)
RedHat	Technical Advisories TA-CERT
Ubuntu	Vulnerability Notes VU-CERT
Gentoo	Sun microsystem Alerts
	Cisco Alerts

EXAMPLES OF USE

Automatically get fully normalized Xml for alert from Security-Database.com

Using automated XML / XSD parser software to read default entries. Note, that the software should able to handle communications protocols (HTTP, HTTPS, XML, XSD, SOAP)

KEY FEATURES OF vDNA

Built using Security-Database Technology Distribution Flow vDNA

Accurate Vulnerability Database with multiple Sources, Vendors & Open Standards

Comply with Standards : CVE, CWE, CPE, OVAL, CVSS, CAPECS ...

Easy integration with Website & Third Party Security Software

Reliable API for Security Consulting Services

Help Integrators to become CVE Compatible

Help Integrators to become CWE Compatible

APPLY TO THE BETA

vDNA XML is under private Beta stagging

If your are interested to be a Beta tester, please fill up the form here.

vDNA STANDARDS & VENDORS

Open Standards



Vendor Databases