SSA Security System Analyzer version 1.6 beta 1 released
SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.
- OVAL-compatible product
- Fully support of open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
- Perform a deep inventory audit on installed softwares and applications
- Scan and map vulnerabilities using non-intrusive techniques based on schemas
- Detect and identify missed patches and hotfixes
- Define a patch management deployment strategy using CVSS scores
- Fully support the Open security standards and initiatives as well as CVE, CWE, CPE, CCE, CWE, CAPEC, CVSS, CRF. Please refer to Making Security Measurable Website
- GUI redesigned and reworked
- Introduced Plugins integration and management:
* Many new HOT plugins to be released soon (CCE, Nikto, Nipper....)
- New SSA core engine designed:
* Introduced a loader to check configurations
* Configurations are stored into XML files.
* Enhanced scanning capabilities
* The support of plugins integration
* Advanced exceptions and errors handling
- OVAL Security Checks Plugin improvements:
* Fast and simple to use
* Verifies the definitions files against their MD5 signatures (only from security-database.com)
* Based on the latest OVAL Interpreter 5.3 Build 68
* Scan using categories (Inventory, Patch and Vulnerability) with the respect of the new OVAL repository requirements
* Plugin handles only "True" results.
- New Updater plugin:
* Support of Proxying (now support only simple proxies)
* Definitions can be downloaded from 2 sources repositories (security-database.com or oval.mitre.org)
* Download only essential definitions files to be used
!!!! Next Beta 2 !!!!
- New plugin based upon the CCE (Common Configurations Checks) standard.
- Fix some know bugs (OVAL security checks progress bar could freeze)
- Added the NTLM proxy authentication.
- Activate the New Report Plugin in compliance with the CRF (Common Results Format) standard.
- Documentation beta