
libgda work

Posted by lorenb on Apr 13, 2004 in projects

Work continues on libgda. Things are off to a slower-than-expected start, but they are moving forward. I’ve got a basic stylesheet done for transforming the report XML. Next steps are:

  • Set the XSL-FO (Formatting Objects) that will define how the report will look when presented to the reader.
  • Build the DB queries and get the datasets for the report.
  • Write code to integrate it into the libgda API.

As I told Rodrigo, I’m working on it…

 

Sussen Use Cases

Posted by lorenb on Apr 9, 2004 in projects

Read some stuff from Robert Love about user-centric design and use cases in OSS development. In a nutshell, instead of having a functional specification, lists of needed components, a description of features at a low level, and so on, all you have is a set of very high-level use cases, in plain English, describing an action a potential user might perform and then the system’s reaction.

It looks like an interesting idea and I’ve come up with some use cases for Sussen that try to capture what we are working towards. They are presented here.

Note this is just a first draft, comments/suggestions are welcome.

Abstract: The goal of the Sussen project is to create a security scanner which remotely tests computers and network devices for security vulnerabilities and provides reports based on the results.

Use Cases: For the purposes of these use cases, the various components that comprise the Sussen project (sussen, sussen-sensor, sussen-plugins) will be considered a black box.

These use cases were developed with the needs of a particular target audience in mind. Target audience members are assumed to have a medium level of computer literacy, and to be familiar with a variety of applications and devices.

Are we vulnerable to [exploit]?

Dave is notified of a new virus/worm that is spreading over the Internet. He wants to know if any of the machines on his network are vulnerable. He loads sussen, provides his network range, the ID [CVE | Bugtraq | sussen-plugin] of the vulnerability, and selects a sussen-sensor to perform the work.

Dave then tells the software he wants a report in [HTML | PDF | Other] format and to send it via email to himself and Bob, the system administrator. Sussen allows him to manually enter the address(es) or select from contacts contained in his Evolution address book.

Dave starts the scan and when the testing is complete, the report is automatically emailed to both himself and Bob.

Large Network Scanning

Rusty wants to test the security of a large network. He has previously deployed a number of sussen-sensors in various points on the network. Rusty starts up the sussen software and provides the network range, the policy for the scan, and selects all his sussen-sensors to do the work. The software will distribute the work between the sensors and store the results of the tests in a database specified by Rusty.

Continuous Scanning

Jane wants to do regular [daily | weekly | monthly] scans of her network. She wants to know if anything changed since the last time she did a scan. She tells the software the network addresses and the policy to use for scanning.

The software performs the scan as normal but also saves the results on the sensor. The next time the scan is performed the sensor will refer to the historical data when performing the testing.

Custom Reports

Charles is a security consultant who does numerous vulnerability assessments on a regular basis. He wants to reduce the amount of presentation work he has to do with reports before he submits them to his clients.

Charles starts the report editor in the software and creates a custom report template containing his company logo and contact information, look & feel layout, and what information to include.

Security Tests

Steven hears about a new security exploit from a security mailing list. He wants to create a test for this exploit to know if he is vulnerable. He loads the sussen plugin editor and uses it to write, test and debug his security test. The editor provides templates and a help API which you can use to rapidly develop your tests.

Steven uses the software to upload the new security test to his sussen-sensor(s) and then performs a scan against his network with it.

Scan Policies

Alice wants to be able to define scan policies for different types of machines and devices that she has. The software presents the option to create new policies based on existing ones.

Alice uses one of her existing policies and modifies the particular security tests and scan parameters. When she is finished she saves that as a new policy. She creates policies for all the various classes of machines/devices (web servers, firewalls, routers, etc.).

Historical Reports

Dale needs the results of a scan he did six months ago. He loads the software and looks at the list of previous sessions. He sorts the list, finds the session he is looking for, and selects it.

The software presents options for what kind of report Dale wants generated. Dale can choose from a list of predefined reports or create his own custom one.

 

XSLT

Posted by lorenb on Apr 4, 2004 in projects

Working on some XSLT code for the GDA Report Engine. I’m trying to get the report XML to transform into XHTML. Should have some code to show soon.

 

Bugfixes

Posted by lorenb on Apr 3, 2004 in projects

Checked in some bugfixes for sussen & sussen-sensor today. Fixed some crashes and updated the service fingerprint code. The work continues…

 

OVAL

Posted by lorenb on Apr 2, 2004 in projects

Saw some discussion on slashdot.org about the Open Source Vulnerability Database. One of the comments made a reference to Open Vulnerability Assessment Language (OVAL).

I’ll have to investigate that more at some point. It looks interesting.

 

Open Source Vulnerability Database

Posted by lorenb on Apr 2, 2004 in projects

Heard about the Open Source Vulnerability Database today. That might come in handy for plugin development. Have to investigate it more.

 

GNOME-DB / Network Problems

Posted by lorenb on Apr 1, 2004 in projects

Been going over the libgda code for the reporting engine. Just trying to wrap my head around the whole thing. Still feeling my way around.

Had some network issues today, that just sucks, but whatever, things seem to be back to normal again.

More to come…

Copyright © 2009 Loren Bandiera’s weblog. All rights reserved.