[Owasp-o2-platform] Help with loading and consolidating data from AppScan 7.9

dinis cruz dinis.cruz at owasp.org
Sat Aug 28 18:23:12 EDT 2010


I just created a video (using O2 :)  ) with this script in action.

You can see it on YouTube http://www.youtube.com/watch?v=BAp6M6FZda8 or in
the script documentation page
http://www.o2platform.com/index.php/AppSscan%207.9%20-%20Results%20Viewer%20%28FireBird%20Database%29.h2

Dinis Cruz

On 28 August 2010 23:05, dinis cruz <dinis.cruz at owasp.org> wrote:

> OK, I just added support to O2 for reading FireBird databases and more
> specifically for loading and viewing the AppScan 7.9 *.ResultsDB.FBD file
> (which is inside the *.scan file).
>
> Here is a documentation page with tons of screenshots (and the script I
> just wrote):
>
>
> http://www.o2platform.com/wiki/AppSscan_7.9_-_Results_Viewer_(FireBird_Database).h2
>
> Here is a good example of how in O2, once we can 'read/consume' the native
> files, the rest is easy :)
>
> Dan, thanks for the help
>
> Dinis Cruz
>
>
>
> On 28 August 2010 19:22, Dan Cornell <dan at denimgroup.com> wrote:
>
>>   An O2 user sent me this request:
>>
>>
>>
>> *"...I need some help writing an O2 script that will collect multiple IBM
>> appscan projects and convert them into one big project combining all of the
>> vulnerabilities.*
>>
>>
>>
>> *The use case is that I have a huge web site that has 40 separate "mini
>> website" branched off of the main url.  Some of them require credentials
>> some of them don't.   I have 20 app scan files that I would like to combine
>> into one big app scan file.   The version of IBM app scan is 7.9..."*
>>
>>
>>
>> I have a sample assessment file from a scan of http://demo.testfire.net
>> in the form of an *.scan file. This file is a zip file and inside of it
>> there are a bunch of *.PDB, *.FPT and *.DBF files which are clearly
>> database files.
>>
>>
>>
>> Anybody have an idea of what these are and where I can get a C#, Python or
>> Java reader for it?
>>
>>
>>
>>
>>
>> There is some Java code to read XML AppScan files in VulnManager –
>> http://vulnerabilitymanager.denimgroup.com/  I have an updated version of
>> that in the upcoming release but that code isn’t quite ready for
>> distribution yet.
>>
>>
>>
>> I can probably also dredge up some other Java code to read the .scan
>> files.
>>
>>
>>
>> Those use what is basically a Firebird DB format:
>>
>> http://www.firebirdsql.org/
>>
>>
>>
>> If this is just a one-off you could probably take your .scan files, use
>> the Firebird ODBC driver to set up each file as a database and do some
>> goofy query/join-y stuff to lump them all together in one big DB.
>>
>>
>>
>> Or to integrate it into O2 you could use the Firebird .NET data provider
>> and attach that to the .scan files.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Dan
>>
>>
>>
>
>
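
An added example, not code from this thread or from O2: the first step of the consolidation discussed above, copying the results database out of each *.scan zip archive so a Firebird driver can attach to it. The `.ResultsDB.FBD` suffix comes from the thread; the function name, size cap and output naming are assumptions made for this example.

```python
import shutil
import zipfile
from pathlib import Path

DB_SUFFIX = ".resultsdb.fbd"   # member suffix named in the thread, lower-cased
MAX_DB_BYTES = 2 * 1024 ** 3   # assumed cap; rejects oversized members


def extract_results_dbs(scan_files, out_dir):
    """Copy the results database out of each *.scan archive.

    Returns (extracted, skipped): extracted maps each scan path to the
    database file written for it, skipped maps each scan path to a reason.
    """
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    extracted, skipped = {}, {}
    for index, scan in enumerate(map(Path, scan_files)):
        if not zipfile.is_zipfile(scan):
            skipped[str(scan)] = "not a zip archive"
            continue
        with zipfile.ZipFile(scan) as archive:
            members = [m for m in archive.infolist()
                       if not m.is_dir()
                       and m.filename.lower().endswith(DB_SUFFIX)]
            if len(members) != 1:
                skipped[str(scan)] = f"{len(members)} results databases found"
                continue
            member = members[0]
            if member.file_size > MAX_DB_BYTES:
                skipped[str(scan)] = "results database over size cap"
                continue
            # The output name is built from the scan file name and its
            # position in the input, never from the member path, so a
            # crafted "../" entry cannot write outside out_dir.
            target = out_dir / f"{index:03d}_{scan.stem}.fbd"
            with archive.open(member) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            extracted[str(scan)] = target
    return extracted, skipped
```

Each extracted file can then be attached with a Firebird driver and queried, as suggested in the thread; the table layout inside the database is not described here and has to be inspected first.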