80 likes | 103 Views
Assignment 2. Thomas Bowen Jerrod Mirabal Derek Smith. Application. Wizard-like ASP.NET web application running on .NET Framework 3.0 View output as tables Charts Output Microsoft Reporting Services using AJAX Excel and Adobe PDF
E N D
Assignment 2 Thomas Bowen Jerrod Mirabal Derek Smith
Application • Wizard-like ASP.NET web application running on .NET Framework 3.0 • View output as tables • Charts • Output • Microsoft Reporting Services using AJAX • Excel and Adobe PDF • More formats available with full version of SQL Server 2005 such as CSV and XML.
Server-side Processing • C# ASP.NET backend • FileUpload controls upload user-specified files to web-server. • Scanner Objects are created and passed StreamReader objects, which are the opened files.
Scanners • Scanner Classes implement the IScanner interface. • Each scanner has a DBFunctions object, which implements to database update functionality. • SARA (CSV) • Retina (Text) • Nessus (XML)
SQL Backend • Parsers scan for information • Each scanner calls function called DBFunctions.InsertRecord() which connects to DB and inserts information • DB & backend programming sanitizes inputs • Uniqueness constraint on ScannerID, CVEID, HostID (i.e. there cannot be more than one record with these three fields in common.)
Majority-voting • Certainty Coefficient based on COUNT(*) of SQL records. SELECT TOP (100) PERCENT MAX(ID) AS ID, MAX(ScannerID) AS ScannerID, CVEName, HostID, MAX(SuggestedOS) AS OS, MAX(Port) AS Port, MAX(Protocol) AS Protocol, MAX(Rank) AS Severity, MAX(ScanDescription) AS Description, MAX(ScanDateTime) AS DateTime, COUNT(*) * 10 AS CertaintyCoefficient FROM dbo.tblVulnFound GROUP BY CVEName, HostID ORDER BY CertaintyCoefficient DESC