avdl message

Subject: Re: [avdl] Adding more protection to AVDL?

From: Srinivas Mantripragada <srinivas@netcontinuum.com>
To: "Anton Chuvakin, Ph.D." <anton@netForensics.com>,Ivan Ristic <ivanr@webkreator.com>, avdl@lists.oasis-open.org
Date: Tue, 28 Sep 2004 13:43:15 -0700

These are good suggestions. We should consider it for 2.0 revision.

The remediation section for a vulnerability description provides generic 
handles to support block-types which can carry aggregate information,
e.g. patch-information, test-generator, user-descriptions etc. It should 
be fairly easy to add a protective-filter capability with regex support 
that can be applied to specific ACL handles.

thx,

-Srinivas

==

Anton Chuvakin, Ph.D. wrote:

> Ivan and all,
>
>> Basically I think extending AVDL to export protection
>> rules (in portable web application firewall rule format)
>> is a really good idea. Vulnerability scanners can be
>> equipped with protection rules for known vulnerabilities,
>> or can design a set of filters on the fly.
>
>
> I am not often that slow, but I just realized that I also have 
> interest in that. I was analyzing some web attack classes and possible 
> matching protection measures for some project (with questions like:  
> can NIPS protect against SQL injection? Can web application hardening 
> stop XSS? etc)
>
> It looks like it is pretty hard to relate them and AVDL can help, if 
> extended in that direction.
>
> Best,

References:
- Adding more protection to AVDL?
  - From: Ivan Ristic <ivanr@webkreator.com>
- Re: [avdl] Adding more protection to AVDL?
  - From: "Anton Chuvakin, Ph.D." <anton@netForensics.com>