[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Groups - AVDLschema.xsd uploaded
The document AVDLschema.xsd has been submitted by Srinivas Mantripragada (srinivas@netcontinuum.com) to the Application Vulnerability Description Language TC document repository. Document Description: This is in continuation with some of the topics that were discussed in last meeting. Ref: Original Kevin Heineman mail: Continued the discussion regarding the information that should be contained within the standard. The following items were discussed: 1) Discussed the possibility of splitting the standard into 4 sections of information. The sections are version, test description, content type (e.g., request and response), and block schema or fix methodology. Srinivas Mantripragada will post an example of this format to the AVDL site for people to review and comment. Some of the fields that should be included in the content type section are Web Server, OS, Date vulnerability was found, Date ID was entered, Reference to Bug Track, URL pointer to get reference info, WebServer Tag, Host Tag, File extension type, Test description (not part of the request type), raw request and raw response. The top-level suggestion is to have 4 main sections of information containers. (1) Version (2) TestDescription (3) SessionDetails (4) FixMethodology (1) Version provides the information state on the specific vulnerability. (2) TestDescription provides details on the environment under which this vulnerability applies. (3) SessionDetails provides specific request-header, response-header and vulnerability information. (4) FixMethodology contains schemas to provide necessary information to remediary engines, block engines, user fixes etc. Attached is a preliminary schema. More details in today's meeting. thx, -Srinivas Download Document: http://www.oasis-open.org/apps/org/workgroup/avdl/download.php/2778/AVDLschema.xsd View Document Details: http://www.oasis-open.org/apps/org/workgroup/avdl/document.php?document_id=2778 PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser. -OASIS Open Administration
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]