[Owasp-o2-platform] Help with loading and consolidating data from AppScan 7.9

Dan Cornell dan at denimgroup.com
Sat Aug 28 14:22:10 EDT 2010

An O2 user sent me this request:

"...I need some help writing an 02 script that will collect multiple IBM appscan projects and convert them into one big project combining all of the vulnerabilities.

The use case is that I have a huge web site that has 40 separate "mini websites" branched off of the main url.  Some of them require credentials, some of them don't.   I have 20 app scan files that I would like to combine into one big app scan file.   The version of IBM app scan is 7.9..."

I have a sample assessment file from a scan of http://demo.testfire.net in the form of an *.scan file. This file is a zip file and inside of it there are a bunch of *.PDB, *.FPT and *.DBF files which are clearly database files.

Anybody has an idea of what these are and where I can get a C#, Python or Java reader for it?

There is some Java code to read XML AppScan files in VulnManager - http://vulnerabilitymanager.denimgroup.com/  I have an updated version of that in the upcoming release but that code isn't quite ready for distribution yet.

I can probably also dredge up some other Java code to read the .scan files.

Those use what is basically a Firebird DB format:

If this is just a one-off you could probably take your .scan files, use the Firebird ODBC driver to set up each file as a database and do some goofy query/join-y stuff to lump them all together in one big DB.

Or to integrate it into O2 you could use the Firebird .NET data provider and attach that to the .scan files.
