Transcript Group 4

Thomas Bowen
Jerrod Mirabal
Derek Smith
Application
 Wizard-like ASP.NET web application running on
.NET Framework 3.0
 View output as tables
 Charts
 Output
 Microsoft Reporting Services using AJAX
 Excel and Adobe PDF
 More formats available with full version of SQL Server
2005 such as CSV and XML.
Server-side Processing
 C# ASP.NET backend
 FileUpload controls upload user-specified files to web-
server.
 Scanner Objects are created and passed StreamReader
objects, which are the opened files.
Scanners
 Scanner Classes implement the IScanner interface.
 Each scanner has a DBFunctions object, which
implements to database update functionality.
 SARA (CSV)
 Retina (Text)
 Nessus (XML)
SQL Backend
 Parsers scan for information
 Each scanner calls function called
DBFunctions.InsertRecord() which connects to DB
and inserts information
 DB & backend programming sanitizes inputs
 Uniqueness constraint on ScannerID, CVEID, HostID
(i.e. there cannot be more than one record with these
three fields in common.)
Majority-voting
 Certainty Coefficient based on COUNT(*) of SQL
records.
SELECT TOP (100) PERCENT MAX(ID) AS ID, MAX(ScannerID) AS
ScannerID, CVEName, HostID, MAX(SuggestedOS) AS OS,
MAX(Port) AS Port, MAX(Protocol) AS Protocol, MAX(Rank) AS
Severity, MAX(ScanDescription) AS Description,
MAX(ScanDateTime) AS DateTime, COUNT(*) * 10 AS
CertaintyCoefficient
FROM
dbo.tblVulnFound
GROUP BY CVEName, HostID
ORDER BY CertaintyCoefficient DESC
Demo