Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] What is the status of AVDL

from [Kurt R. Roemer] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] What is the status of AVDL
Date: Wed, 10 May 2006 07:38:43 -0500 
Dinis-

AVDL v1.0 was adopted as an OASIS standard and has been implemented in
several products.  The products I am aware of are SPI Dynamics WebInspect,
Nikto, and the NetContinuum WAF.  

In addition to http://www.avdl.org, information on AVDL can be found at:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=avdl

The public database for AVDL never materialized, but, as you mentioned,
would be very beneficial in the adoption and usage of this standard.

The AVDL committee was disbanded last year due to lack of participation in
future standards efforts and was officially closed by OASIS in January 2006.
There was an effort underway to develop AVDL v2.0, but we were unable to
obtain the required participation from 3 vendors.  I was the last Chair of
the OASIS AVDL committee.

If there's interest (and the required vendor commitment) in starting this
back up, please contact me.


-Kurt

Kurt R. Roemer
VP & Chief Technology Officer
NetContinuum, Inc.
847-420-7846 Mobile
kroemer@netcontinuum.com
http://www.netcontinuum.com

-----Original Message-----
From: Dinis Cruz [mailto:dinis@ddplus.net] 
Sent: Tuesday, May 09, 2006 5:16 PM
To: webappsec@securityfocus.com; websecurity@webappsec.org
Subject: [WEB SECURITY] What is the status of AVDL 

Ok, so I can see from www.advl.org and Oasis that the AVDL standard was
published in 2004.

My question are

    1) What is the status of this standard?.
    2) Who has adopted it on current versions of their product?
    3) Is there a public database of AVDL?
    4) How are the different AVDL users synchronizing the:

             Title,
             Summary
             Classification name
             Classification score (i..e the Risk rating)


A public database (of AVDL items) looks like a very important piece of
the puzzle and it would be very useful it does exist somewhere.

Dinis Cruz
Owasp .Net Project
www.owasp.net








- Sponsored Advertisement --------------------------------------------------
The Software Security Summit is the only event that addresses security
issues at the application development level. Join us Jun 5-7, Baltimore, MD.
http://www.s-3con.com
----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in 
the development of any web application. What methodology should be 
followed? What tools can accelerate the assessment process? 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [WEB SECURITY] cookies a fundamental threat?, Evans, Arian
Next by Date:  RE: Is logoff feature necessary, Matt Fisher
Previous by Thread:  What is the status of AVDL, Dinis Cruz
Next by Thread:  Why Novell should take on the 'type-safe platform' challenge, Dinis Cruz
Indexes:  [Date] [Thread] [Top] [All Lists]