Specifications

vDNA is the Security-Database naming scheme that provides structured enumeration of specific detailed description for a Security Alert.

The main goal of vDNA is to provide to third party system/program/website an easy way to integrate full documented CVE Alert.
Any tool integrating the XML vDNA scheme will be able to consume, identify and report all data related to a specific vulnerability.

Taking into account the benefits of SecurityMetrics standards principles, vDNA adopted most of all Open Standards (CVE, CVSS, CPE, CWE, CAPEC, OVAL) aligned with biggest security references as well as OSVDB, Milw0rm, Metasploit and Saint then cross-linked with other vendors (Microsoft bulletin and KB, US-CERT VU-CERT, Debian, Mandriva, Redhat, Cisco, Sun, Ubuntu and Gentoo ) to draw actually the most advanced security CVE feed.

Data Feeds are provided thought Secured (SSL & Encryption) API based Web-Service (served with XML) or Base64 76 Column.

vDNA provides thoses defaults informations for a given Alert :

Provided (Open Standards)
Common Vulnerability Enumeration : CVE
Common Patern Enumeration : CPE (mitre.org)
Common Vulnerability Scoring System : CVSS
Common Weakness Enumeration : CWE (mitre.org)
Common Attack Pattern Enumeration and Classification : CAPEC (mitre.org)
Open Vulnerability and Assessment Language : OVAL
Open Source Vulnerability Database : OSVDB
Provided (Third Vendors Databases)
Exploits information : Milw0rm
Exploits framework : Metasploit
Exploits information : Exploitdb
SAINT vulnerability : SAINT
Exploits information : OpenVAS
Information Assurance Vulnerability Management (IAVM)
SnortĀ® Network intrusion prevention and detection system (IDS/IPS)
NessusĀ® Vulnerability Scanner
Related Open-Source Alerts Related Vendors Alerts
Debian Microsoft Bulletins (MSXX-XXX)
Mandriva Microsoft KB (Security-Advisories)
RedHat Technical Advisories TA-CERT
Ubuntu Vulnerability Notes VU-CERT
Gentoo Sun microsystem Alerts
  Cisco Alerts
  HP Alerts
  VMWare Alerts

Examples of use

  • Automatically get fully normalized Xml for alert from Security-Database.com
  • Using automated XML / XSD parser software to read default entries. Note, that the software should able to handle communications protocols (HTTP, HTTPS, XML, XSD, SOAP)

Key features of vDNA

  • Built using Security-Database Technology Distribution Flow vDNA
  • Accurate Vulnerability Database with multiple Sources, Vendors & Open Standards
  • Comply with Standards : CVE, CWE, CPE, OVAL, CVSS, CAPECS ...
  • Easy integration with Website & Third Party Security Software
  • Reliable API for Security Consulting Services
  • Help Integrators to become CVE Compatible
  • Help Integrators to become CWE Compatible

Register to Use

Want to give a try?

If your are interested to test this solution, simply register here