1 / 8

Assignment 2

Assignment 2. Thomas Bowen Jerrod Mirabal Derek Smith. Application. Wizard-like ASP.NET web application running on .NET Framework 3.0 View output as tables Charts Output Microsoft Reporting Services using AJAX Excel and Adobe PDF

dputnam
Download Presentation

Assignment 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Assignment 2 Thomas Bowen Jerrod Mirabal Derek Smith

  2. Application • Wizard-like ASP.NET web application running on .NET Framework 3.0 • View output as tables • Charts • Output • Microsoft Reporting Services using AJAX • Excel and Adobe PDF • More formats available with full version of SQL Server 2005 such as CSV and XML.

  3. Server-side Processing • C# ASP.NET backend • FileUpload controls upload user-specified files to web-server. • Scanner Objects are created and passed StreamReader objects, which are the opened files.

  4. Scanners • Scanner Classes implement the IScanner interface. • Each scanner has a DBFunctions object, which implements to database update functionality. • SARA (CSV) • Retina (Text) • Nessus (XML)

  5. SQL Backend • Parsers scan for information • Each scanner calls function called DBFunctions.InsertRecord() which connects to DB and inserts information • DB & backend programming sanitizes inputs • Uniqueness constraint on ScannerID, CVEID, HostID (i.e. there cannot be more than one record with these three fields in common.)

  6. Majority-voting • Certainty Coefficient based on COUNT(*) of SQL records. SELECT TOP (100) PERCENT MAX(ID) AS ID, MAX(ScannerID) AS ScannerID, CVEName, HostID, MAX(SuggestedOS) AS OS, MAX(Port) AS Port, MAX(Protocol) AS Protocol, MAX(Rank) AS Severity, MAX(ScanDescription) AS Description, MAX(ScanDateTime) AS DateTime, COUNT(*) * 10 AS CertaintyCoefficient FROM dbo.tblVulnFound GROUP BY CVEName, HostID ORDER BY CertaintyCoefficient DESC

  7. Demo

More Related