OpenVAS 2.0 Begins Public Beta Phase



Hello,

In late September 2008, the OpenVAS[1] developer team released the 2.0-beta1
version of OpenVAS, the Open Vulnerability Assessment System for network
security scanning.
The intended audience for this beta release is experienced users interested
in upcoming features as well as developers of vulnerability checks.

The new version introduces first steps towards support for OVAL, the Open
Vulnerability and Assessment Language[2]. OVAL is an international,
information security, community standard to promote open, standardized and
publicly available security content.
The OpenVAS server can now execute OVAL files just like its own Network
Vulnerability Tests (NVTs) by using the OVAL definitions interpreter "ovaldi".
While the plain ovaldi tool can only check local systems where it is
installed, the combination with OpenVAS enables it to test any target system
for which OpenVAS has collected information. The beta1 release offers sample
support for Red Hat Enterprise Linux security announcements which are
provided as OVAL definitions.

Major internal changes include the cleaned and extended protocol for
client-server communication (OTP) and the transition to the new OID-based
scheme for unique IDs of vulnerability tests. The switch from the NTP
inherited from Nessus to OTP was necessary due to security and design
considerations.

The OpenVAS (NVTs) remain compatible with both the 1.0 and 2.0 series of
OpenVAS. This also means that the free OpenVAS NVT feed service (which has
recently been extended to deliver the full range of NVTs, grown to over 5000
available NVTs) is also compatible for both release series. The switch from
NTP to OTP does not affect NVTs already in existence. This means NVTs written
in NASL continue to be fully supported by OpenVAS. There is no need to make
changes to your old NASL scripts -- unless you want to use the new features.

The first release candidate of the new OpenVAS Compendium has been made
available in PDF and HTML format for final reviews and as a base for
translation into other languages (a translation to German is already in
progress) as well.

All download links can be found on the OpenVAS website[1].

The OpenVAS team is looking forward to feedback for the beta1 release. If you
want to participate in the beta phase by sharing your experience with beta1 or
if you have any questions, please feel free to use the public mailing lists or
visit us in our IRC online chat[3].

Regards,

Michael Wiegand

[1] http://www.openvas.org
[2] http://oval.mitre.org
[3] http://www.openvas.org/online-chat.html

--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
