CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types


Organization Name:

cxsecurity

Web Site:

http://cxsecurity.com

Compatible Capability:

World Laboratory of Bugtraq 2

Capability home page:

http://cxsecurity.com

General Capability Questions

Product Accessibility

Provide a short description of how and where your capability is made available to your customers and the public (Required)

Our vulnerability database is accessible to the general public at our web site: http://cxsecurity.com. The WLB2 Database contains CVE and CWE references that are updated every day.

Mapping Questions

MAP CURRENCY UPDATE APPROACH

Indicate how often you plan on updating the mappings to reflect the current CWE content and describe your approach to keeping reasonably current with the CWE content when mapping them to your repository (Recommended)

The mappings are continuously updated by fetching the latest mapping files (NVD), and changes to CWE are monitored every day.

MAP CURRENCY UPDATE TIME

Describe how and where you explain to your customers the timeframe they should expect an update of your capability's mappings to reflect newly available CWE content (Required)

We provide RSS feeds to inform customers. Our timeframes for CWE mapping:
2.00 AM CET
2.00 PM
8.00 CET

Documentation Questions

CWE AND COMPATIBILITY DOCUMENTATION

Provide a copy, or directions to its location, of where your documentation describes CWE and CWE compatibility for your customers (Required)

http://cxsecurity.com/wlb/about

DOCUMENTATION OF FINDING ELEMENTS USING CWE IDENTIFIERS

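Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CWE identifiers to find the individual security elements within your capability's repository (Required):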

http://cxsecurity.com/wlb/about#cwe
Use the search form: http://cxsecurity.com/cwe/
Or using syntax: http://cxsecurity.com/cwe/CWE-NNNN

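DOCUMENTATION OF FINDING CWE IDENTIFIERS USING ELEMENTS

Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CWE identifiers associated with individual security elements within your capability's repository (Required)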

http://cxsecurity.com/wlb/about#cwe

DOCUMENTATION INDEXING OF CWE-RELATED MATERIAL

If your documentation includes an index, provide a copy of the items and resources that you have listed under "CWE" in your index. Alternately, provide directions to where these "CWE" items are posted on your web site (Recommended)

http://cxsecurity.com/wlb/about#cwe
Using CWE Dictionary: http://cxsecurity.com/allcwe/

Type-Specific Capability Questions

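Tool Questions

FINDING TASKS USING CWE IDENTIFIERS

Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CWE identifier (Required)

The user can use the search form below: http://cxsecurity.com/cwe/
The related vulnerabilities will be presented as search results.

FINDING CWE IDENTIFIERS USING ELEMENTS IN REPORTS

Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CWE identifier for the individual security elements in the report (Required)

In each WLB2 record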
Example: http://cxsecurity.com/issue/WLB2011050133

The user will see:

Topic: Multiple vendors libc/fnmatch(3) DoS (includes Apache PoC)
Credit: Maksymilian Arciemowicz
Date: 2011.05.13
CWE: CWE-399
(Show similar)
CVE: CVE-2011-0419
Risk: Medium
Local: Yes
Remote: Yes
History: [20110513]
Started
In each CVEMAP record
Example: http://cxsecurity.com/cveshow/cve20120149/
The user will see:
Type: CWE-20
(Improper Input Validation)

GETTING A LIST OF CLAIMED CWE IDENTIFIER COVERAGE

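Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that the owner claims the tool is effective at locating in software (Required)

Using URL: http://cxsecurity.com/cwe/cwe-[nnn]
Example: http://cxsecurity.com/cwe/cwe-89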

GETTING A LIST OF CWE IDENTIFIERS ASSOCIATED WITH TASKS

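Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that are associated with the tool's tasks (Recommended)

CWE-related security alerts:
http://cxsecurity.com/cwelist/

SELECTING TASKS WITH A LIST OF CWE IDENTIFIERS

Describe the steps and format a user would use to select a set of tasks by providing a file with a list of CWE identifiers (Recommended)

Using URL: http://cxsecurity.com/cwe/cwe-[nnn]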

SERVICE COVERAGE DETERMINATION USING CWE IDENTIFIERS

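Users can search the entire vulnerability database for vulnerability records that match a specific CWE identifier. (Required)

Users can search the entire vulnerability database for vulnerability records that match a specific CWE identifier.
http://cxsecurity.com/searchwlb/

FINDING CWE IDENTIFIERS USING ELEMENTS IN REPORTS

Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CWE identifier for the individual security elements in the report (Required)

The CWE identifier of a vulnerability (if any) is displayed in the "Details" tab of the WLB2 database.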

GETTING A LIST OF CLAIMED CWE IDENTIFIER COVERAGE

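Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that the owner claims the tool is effective at locating in software (Required)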

Using CWE list: http://cxsecurity.com/allcwe/

Media Questions

ELECTRONIC DOCUMENT FORMAT INFO

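Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CWE-related text (Required)

The database is available in HTML on the CXSECURITY web site:
http://cxsecurity.com/wlb/

CVEMAP: http://cxsecurity.com/cvemap/

By visiting the search pages: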

http://cxsecurity.com/searchwlb/
http://cxsecurity.com/cwe/

By RSS: http://cxsecurity.com/wlb/rss/all/

ELECTRONIC DOCUMENT LISTING OF CWE IDENTIFIERS

If one of the capability's standard electronic documents only lists security elements by their short names or titles, provide example documents that demonstrate how the associated CWE identifiers are listed for each individual security element (Required)

The associated CWE name is listed prominently in the "Details" tab of a WLB2 Database entry.

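ELECTRONIC DOCUMENT ELEMENT TO CWE IDENTIFIER MAPPING

Provide example documents that demonstrate the mapping from the capability's individual elements to the respective CWE identifier(s) (Recommended)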

http://cxsecurity.com/issue/wlb2011050133
http://cxsecurity.com/issue/WLB2011030139
http://cxsecurity.com/issue/wlb2011070105
http://cxsecurity.com/cveshow/CVE20121067/
http://cxsecurity.com/cveshow/CVE20120145/
http://cxsecurity.com/cveshow/cve20120761/

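Graphical User Interface (GUI) Questions

FINDING ONLINE CAPABILITY TASKS USING CWE

Give detailed examples and explanations of how a "find" or "search" function is available to the user to locate tasks in the online capability by looking for their associated CWE identifier, or through an online mapping that links each element of the capability with its associated CWE identifier(s) (Required)

The user can use the search form below: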

http://cxsecurity.com/cwe/
http://cxsecurity.com/searchwlb/

The related vulnerabilities will be presented as search results.

ONLINE CAPABILITY INTERFACE TEMPLATE USAGE

http://cxsecurity.com/cwe/[CWE-NNNN]

ONLINE CAPABILITY CGI GET METHOD SUPPORT

Yes

FINDING CWE IDENTIFIERS USING ONLINE CAPABILITY ELEMENTS

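Briefly describe how the associated CWE identifiers are listed for the individual security elements, or discuss how the user can use the mapping between CWE identifiers and the capability's elements; also describe the format of the mapping (Required)

In each security advisory there is a "Details" section, which provides a direct mapping to the CWE web site.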

Example: http://cxsecurity.com/issue/WLB-2011050133
The user will see:

Date: 2011.05.13
CWE: CWE-399 (Show similar)
CVE: CVE-2011-0419
Example: http://cxsecurity.com/cveshow/cve-2012-1067/

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

GUI EXPORT ELECTRONIC DOCUMENT FORMAT INFO

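Provide details about the different electronic document formats that you provide (Recommended)

CWE related: http://cxsecurity.com/cwelist/
CWE-Dictionary: http://cxsecurity.com/allcwe/

Questions for Signature

STATEMENT OF COMPATIBILITY

Have an authorized individual sign and date the following Compatibility Statement (Required)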

"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Maksymilian Arciemowicz

Title: Security Officer

STATEMENT OF ACCURACY

Have an authorized individual sign and date the following accuracy Statement (Recommended)

"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Maksymilian Arciemowicz

Title: Security Officer

STATEMENT ON FALSE-POSITIVES AND FALSE-NEGATIVES and/or

FOR TOOLS AND SERVICES ONLY - Have an authorized individual sign and date the following statement about your tool's efficiency in identification of security elements (Required)

"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Maksymilian Arciemowicz

Title: Security Officer
