Specifications

vDNA is the Security-Database naming scheme that provides structuredenumeration of specific detailed description for a Security Alert.

The main goal of vDNA is to provide to third party system/program/websitean easy way to integrate full documented CVE Alert.
Any tool integrating the XML vDNA scheme will be able to consume, identifyand report all data related to a specific vulnerability.

Taking into account the benefits of SecurityMetrics standards principles,vDNA adopted most of all Open Standards (CVE, CVSS, CPE, CWE, CAPEC, OVAL)aligned with biggest security references as well as OSVDB, Milw0rm, Metasploitand Saint then cross-linked with other vendors (Microsoft bulletin and KB,US-CERT VU-CERT, Debian, Mandriva, Redhat, Cisco, Sun, Ubuntu and Gentoo )to draw actually the most advanced security CVE feed.

Data Feeds are provided thought Secured (SSL & Encryption) API based Web-Service(served with XML) or Base64 76 Column.

vDNA provides thoses defaults informations for a given Alert :

Provided (Open Standards)
Common Vulnerability Enumeration : CVE
Common Patern Enumeration : CPE (mitre.org)
Common Vulnerability Scoring System : CVSS
Common Weakness Enumeration : CWE (mitre.org)
Common Attack Pattern Enumeration and Classification : CAPEC (mitre.org)
Open Vulnerability and Assessment Language : OVAL
Open Source Vulnerability Database : OSVDB
Provided (Third Vendors Databases)
Exploits information : Milw0rm
Exploits framework : Metasploit
Exploits information : Exploitdb
SAINT vulnerability : SAINT
Exploits information : OpenVAS
Information Assurance Vulnerability Management (IAVM)
SnortĀ® Network intrusion prevention and detection system (IDS/IPS)
NessusĀ® Vulnerability Scanner
Related Open-Source AlertsRelated Vendors Alerts
DebianMicrosoft Bulletins (MSXX-XXX)
MandrivaMicrosoft KB (Security-Advisories)
RedHatTechnical Advisories TA-CERT
UbuntuVulnerability Notes VU-CERT
GentooSun microsystem Alerts
 Cisco Alerts
 HP Alerts
 VMWare Alerts

Examples of use

  • Automatically get fully normalized Xml for alert from Security-Database.com
  • Using automated XML / XSD parser software to read default entries. Note, that the software should able to handle communications protocols (HTTP, HTTPS, XML, XSD, SOAP)

Key features of vDNA

  • Built using Security-Database Technology Distribution Flow vDNA
  • Accurate Vulnerability Database with multiple Sources, Vendors & Open Standards
  • Comply with Standards : CVE, CWE, CPE, OVAL, CVSS, CAPECS ...
  • Easy integration with Website & Third Party Security Software
  • Reliable API for Security Consulting Services
  • Help Integrators to become CVE Compatible
  • Help Integrators to become CWE Compatible

Register to Use

Want to give a try?

If your are interested to test this solution, simply register here