[Owasp-o2-platform] Help with loading and consolidating data from AppScan 7.9

dinis cruz dinis.cruz at owasp.org
Sat Aug 28 18:05:05 EDT 2010


OK, I just added support to O2 for reading FireBird databases and, more
specifically, for loading and viewing the AppScan 7.9 *.ResultsDB.FBD file
(which is inside the *.scan file).

Here is a documentation page with tons of screenshots (and the script I just
wrote):

http://www.o2platform.com/wiki/AppSscan_7.9_-_Results_Viewer_(FireBird_Database).h2
.

Here is a good example of how in O2, once we can 'read/consume' the native
files, the rest is easy :)

Dan, thanks for the help

Dinis Cruz


On 28 August 2010 19:22, Dan Cornell <dan at denimgroup.com> wrote:

> An O2 user sent me this request:
>
> *"...I need some help writing an O2 script that will collect multiple IBM
> appscan projects and convert them into one big project combining all of the
> vulnerabilities.*
>
> *The use case is that I have a huge web site that has 40 separate "mini
> website" branched off of the main url.  Some of them require credentials
> some of them don't.   I have 20 app scan files that I would like to combine
> into one big app scan file.   The version of IBM app scan is 7.9..."*
>
> I have a sample assessment file from a scan of http://demo.testfire.net in
> the form of an *.scan file. This file is a zip file and inside of it there
> are a bunch of *.PDB , *.FPT and *.DBF files which are clearly database
> files.
>
> Anybody has an idea of what these are and where I can get a C#, Python or
> Java reader for it?
>
> There is some Java code to read XML AppScan files in VulnManager –
> http://vulnerabilitymanager.denimgroup.com/  I have an updated version of
> that in the upcoming release but that code isn’t quite ready for
> distribution yet.
>
> I can probably also dredge up some other Java code to read the .scan files.
>
> Those use what is basically a Firebird DB format:
>
> http://www.firebirdsql.org/
>
> If this is just a one-off you could probably take your .scan files, use the
> Firebird ODBC driver to set up each file as a database and do some goofy
> query/join-y stuff to lump them all together in one big DB.
>
> Or to integrate it into O2 you could use the Firebird .NET data provider
> and attach that to the .scan files.
>
> Thanks,
>
> Dan
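
Added example, not part of the original thread and not O2 or AppScan code: the thread describes a .scan file as a zip archive holding the database files, so this Python code stages those members from several scans into one directory per scan, ready to be attached with a Firebird driver. The function names, the directory layout and the sample archives are assumptions constructed for illustration.

```python
import shutil
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Hypothetical helper names; extensions are those named in the thread,
# plus .fdb (Firebird's usual extension). Matching is case-insensitive.
DB_SUFFIXES = (".fbd", ".fdb", ".pdb", ".fpt", ".dbf")

def stage_scan_databases(scan_paths, out_dir):
    """Copy database members of each .scan (zip) into out_dir/<scan stem>/."""
    staged = {}
    for scan in map(Path, scan_paths):
        staged[scan.name] = []
        if not zipfile.is_zipfile(scan):
            continue                      # not a zip container, nothing to stage
        dest = Path(out_dir) / scan.stem  # one directory per scan
        with zipfile.ZipFile(scan) as zf:
            for info in zf.infolist():
                # Keep only the base name so a member such as "../../x.FBD"
                # cannot be written outside dest (zip-slip).
                name = PurePosixPath(info.filename.replace("\\", "/")).name
                if info.is_dir() or ":" in name or not name.lower().endswith(DB_SUFFIXES):
                    continue
                target = dest / name
                if target in staged[scan.name]:
                    raise ValueError(f"duplicate member name {name!r} in {scan}")
                dest.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
                staged[scan.name].append(target)
    return staged

def make_sample_scan(path, members):
    """Write a constructed stand-in for a .scan file: a zip of {name: bytes}."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        scans = [
            make_sample_scan(tmp / "site01.scan", {"site01.ResultsDB.FBD": b"db-1", "notes.txt": b"x"}),
            make_sample_scan(tmp / "site02.scan", {"../../site02.ResultsDB.FBD": b"db-2"}),
        ]
        for scan, files in stage_scan_databases(scans, tmp / "staged").items():
            print(scan, [str(f.relative_to(tmp)) for f in files])
```

Scan files received from other parties are untrusted archives, which is why member paths are reduced to their base name before anything is written.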