[Openvas-discuss] Summary of ideas for future OpenVAS functionalities

Jan-Oliver Wagner jan-oliver.wagner at intevation.de
Thu May 24 11:51:01 CEST 2007 

Hello,

thank for all of your feedback.

I summarized the ideas (see below) that arrived so far.
I propose to put the list on the www.openvas.org website
under something like "Brainstorm for future OpenVAS functionalities".
It should be noted that it is post-1.0 plans and that the roadmap
for post-1.0 will pick from this list.
Anyone volunteering to do this?

Best

	Jan

- Plugin severity override:
  Some places value some vulnerabilities more than others.
  For example: some places rank anonymous CIFS connections
  as vital to their business. Others say its a big risk.
  Having a front end to override the degree instead of patching the
  plugin would be nice.
  This is related to ideas about fals-positive marking.

- Configurable option "Don't automatically add and run new plugins":
  An option to say: "do not add new plugins to the .nessusrc file(s)".
  Or maybe, add all new ones as "no".  Sometimes I want to run a given
  set of plugins periodically.  I don't want all new ones to also get run.

- Direct support of Database:
  OpenVAS Server should optionally write results into a database.
  It is to be discussed whether this is done additional to sending
  the results via Nessus Protocol. Also the question is open whether
  the server manages access to the database directly or whether users
  submit DB connection and authorization details so that the
  data are written there.

- Re-connnect to running OpenVAS scans:
  OpenVAS should run in the background without
  a permanent connection to the client.
  Re-connection should then allow to get the results.
  Email notification at scan completion is helpful
  as well.

- New Client-Server protocol:
  Replace the old Nessus Protocol by something
  based on standard protocol technologies and
  iron out current weaknesses like the chracter encoding.

- Trace function:
  Show sets of queries. Each query is composed of the rule
  that was used, the destination IP and port, the data sent,
  and the data returned.  This will make it easier to determine false positives.

- Improved NASL debugging

- Condensed Plugins:
  E.g. all the Debian local security checks could be condensed
  into few (for each year). It is not clear yet which other implications
  this might mean.

- Generic Plugins
  Plugins with some heuristics to generically detect weaknesses
  in web applications.

-- 
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Openvas-discuss mailing list