└── README.md

/README.md:
--------------------------------------------------------------------------------
SSA (Security System Analyzer) is a free, non-intrusive OVAL, FDCC, XCCDF and SCAP scanner. It gives security testers and auditors an advanced overview of the security policy level applied.

Features
* Version of products installed using CPE enumeration (see http://cpe.mitre.org).
* Identify vulnerabilities and discrepancies using the power of the OVAL interpreter and its huge database of definitions (see http://oval.mitre.org).
* Perform Compliance and Security Checks using XCCDF, the eXtensible Configuration Checklist Description Format (see http://scap.nist.gov/specifications/xccdf/).
* Qualify vulnerabilities using the CVSS v2.0 scoring system (see http://www.first.org/cvss).
* And many new features.

News

New Coming version

A new release will be in the wild very soon (after Blackhat US Vegas). I decided to update the engine with support for the latest OVAL, SCAP and XCCDF. Moreover, SSA now works on OS X. Great news: I finally added PCI v2.0 Security Checks for Apple :) Many other enhancements are to be expected. Stay tuned.

December 2010 : Release of Beta 002
* Added support for XCCDF 1.1.4 (http://scap.nist.gov/specifications/xccdf/)
* Display Pass / Fail testcase
* Associate Testcase to CCE reference
* Added the following Policies and Baselines
  * FDCC/SCAP FISMA NIST 800-53 with 5 baselines (IE7, WinXP, WinVista, Vista Firewall, XP Firewall)
  * STIG/SCAP DISA with 2 baselines (Windows XP Security Checklist v6 r1.19 and Windows Vista Security Checklist v6 r1.19)
  * USGCB/SCAP USGCB with 2 baselines (IE8 and Windows 7 X86)
* Added export to CSV
* Added new directory for logs
* Added the ability to maximize windows
* Added a new community page http://teambox.com/public/ssa-v2-beta
* Fixed many bugs

November 2010 : Release of Beta 001
* New UI
* New Correlation engine
* Integrated XML parser
* Integrated HTML viewer
* Compliant with OVAL interpreter 5.8.2
* Load, verify and consume OVAL Compliance, Vulnerability and Inventory definitions
* Enumerate findings (True states)
* Support of CVE and CPE (http://cve.mitre.org and http://cpe.mitre.org)
* List Results Stats (Global scanned definitions & True reported definitions)
* View OVAL HTML results in the UI

SSA is developed and maintained by NJ OUCHN (@toolswatch)
--------------------------------------------------------------------------------