| With the rapid development of network, security issue has become the hot spot of current network technology research. As an important part of the network security solution, vulnerability assessment products can find out the vulnerabilities in computers. Different product vendors usually adopt different standards on the expression of security information. So products can not interoperate with each other efficiently.Based on the research on current vulnerability assessment technologies and application of OVAL (Open Vulnerability Assessment Language), an OVAL-based open vulnerability assessment system on multi-platform is designed and realized. The main work in this thesis is listed as follows:1. The current situation of vulnerability assessment is discussed. Vulnerability and assessment technologies related are researched. OVAL and CVSS (Common Vulnerability Scoring System) are analyzed thoroughly to provide the theoretical support basis for the design of the system.2. OVAL is taken as vulnerability assessment standard and CVSS is combined to score the vulnerabilities. An open vulnerability assessment system model based on OVAL is proposed with the detailed description of system structure, functional modules and work process.3. The main functions of the system are realized. The key technologies such as the login /logout of client agents and the vulnerability processing are described in detail. The vulnerability process is optimized by analyzing the information of installed software.4. The system is tested in different aspects. The result shows that this system can assess the computer with high accuracy, assessing completeness and functional expansibility. |
PDF Full Text Request