This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP JSEC CVE Details"

From OWASP
Jump to: navigation, search
(Github)
 
(13 intermediate revisions by the same user not shown)
Line 9: Line 9:
  
  
### OWASP JSEC CVE DETAILS is an opensource application developed in Java that uses the api provided by cvedetails.com to receive latest CVE updates. Apart from fetching the latest CVEs, it can also be used to search for expoits and vulnerabilities from exploitsearch.net. This tool is used to find and gather information related to CVEs.
+
OWASP JSEC CVE DETAILS is an opensource application developed in Java that uses the api provided by cvedetails.com to receive latest CVE updates. Apart from fetching the latest CVEs, it can also be used to search for expoits and vulnerabilities from exploitsearch.net. This tool is used to find and gather information related to CVEs.
  
==Introduction==
+
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system[2] as well as the US National Vulnerability Database.
### The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system[2] as well as the US National Vulnerability Database.
 
  
### www.cvedetails.com provides an easy to use web interface to CVE vulnerability data.You can browse for vendors, products and versions and view cve entries, vulnerabilities,related to them. You can view statistics about vendors, products and versions of products.CVE details are displayed in a single, easy to use page
+
This project has now been officially approved by OWASP. Here is the link to the project details on OWASP Website https://www.owasp.org/index.php/OWASP_JSEC_CVE_Details
  
### www.exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone.  
+
 
 +
 
 +
www.cvedetails.com provides an easy to use web interface to CVE vulnerability data.You can browse for vendors, products and versions and view cve entries, vulnerabilities,related to them. You can view statistics about vendors, products and versions of products.CVE details are displayed in a single, easy to use page
 +
 
 +
www.exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone.  
  
 
* [Features]
 
* [Features]
Line 35: Line 38:
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
== What is JSEC CVE Details? ==
 
  
OWASP JSEC CVE Details provides:
 
  
* a Jar Executable File
+
{| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
  
== Presentation ==
+
== News and Events ==
 +
* [13 June 2014] Released the project as opensource
 +
* [17 August 2014] Requested for OWASP project approval
 +
* [20 August 2014] Project Proposal Accepted
 +
* [22 September 2014 ] v2.0 released
 +
* [1st October 2016 ] v2.1 Released
 +
* [10th October 2016 ] v3.0 Planned to be released
  
Link to presentation
+
| valign="top"  style="padding-left:25px;width:200px;" |
[https://www.owasp.org/images/e/e5/Jsecv2.pptx]
 
  
 
== Project Leader ==
 
== Project Leader ==
  
 
[mailto:[email protected] Dibyendu Sikdar]
 
[mailto:[email protected] Dibyendu Sikdar]
 
  
 
== Related With ==
 
== Related With ==
  
 
[http://www.sillycon.org SillyCon - OWASP Kolkata Chapter]
 
[http://www.sillycon.org SillyCon - OWASP Kolkata Chapter]
 
 
| valign="top"  style="padding-left:25px;width:200px;" |
 
  
 
== Github ==
 
== Github ==
  
[https://github.com/dibsy/JSEC_CVE_DETAILS Github!]
+
[https://github.com/dibsy/OWASP-JSEC_CVE_DETAILS]
  
 
== Quick Download ==
 
== Quick Download ==
Line 70: Line 82:
 
[https://lists.owasp.org/mailman/listinfo/owasp-jsec-cve-details Sign up!]
 
[https://lists.owasp.org/mailman/listinfo/owasp-jsec-cve-details Sign up!]
  
== News and Events ==
 
* [13 June 2014] Released the project as opensource
 
* [17 August 2014] Requested for OWASP project approval
 
* [20 August 2014] Project Proposal Accepted
 
* [22 September 2014 ] v2.0 released
 
 
 
== In Print ==
 
  
  
==Classifications==
+
    
 
 
   {| width="200" cellpadding="2"
 
  |-
 
  | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 
  |}
 
  
 
|}
 
|}
Line 98: Line 90:
 
=FAQs=
 
=FAQs=
  
; Q1
+
; How to contribute ?
: A1
+
: 1.Clone or Download the Project
 +
: 2.Open Eclipse
 +
: 3.Import the project as existing projects in workspace
 +
: 4.Run the JSEC.java file
  
; Q2
+
 
: A2
+
; How to get the executable Jar file
 +
: Either you import the project and export it as a JAR or
 +
: Download from sourceforge https://sourceforge.net/projects/jseccvedetails/
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 109: Line 106:
  
 
* Debarshi Das - Designing OWASP Logo
 
* Debarshi Das - Designing OWASP Logo
*
 
  
 
==Others==
 
==Others==
Line 116: Line 112:
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
 +
*Updates : October 2016
 +
*v2.1 source code has been released in Github
 +
*v2.1 has POCs and Exploits searching capabilities
 +
*v3.0 is planned to to be released on 2nd Week of October 2016
 +
*v3.0 has features of scanning is being added
 +
*v4.0 will have cloud integration and REST apis
 +
 +
 
As of August, 2014, the priorities are:
 
As of August, 2014, the priorities are:
  
Line 121: Line 125:
 
*Using this tool the user can receive latest CVE details and choosing the type of vulnerability i.e. CSRF / XSS / etc  
 
*Using this tool the user can receive latest CVE details and choosing the type of vulnerability i.e. CSRF / XSS / etc  
 
*Other features to be added in future are like searching the Proof of Concepts for every CVE that is listed .  
 
*Other features to be added in future are like searching the Proof of Concepts for every CVE that is listed .  
*This project has already been started by me and it is available at http://dibsy.github.io/JSEC_CVE_DETAILS/
+
 
  
 
Involvement in the development and promotion of JSEC CVE Details is actively encouraged!
 
Involvement in the development and promotion of JSEC CVE Details is actively encouraged!
Line 128: Line 132:
 
* Find bugs in the code
 
* Find bugs in the code
 
* Suggest ideas
 
* Suggest ideas
 
 
  
 
=Project About=
 
=Project About=

Latest revision as of 21:09, 30 September 2016

OWASP Inactive Banner.jpg

OWASP JSEC CVE Details

OWASP JSEC CVE DETAILS is an opensource application developed in Java that uses the api provided by cvedetails.com to receive latest CVE updates. Apart from fetching the latest CVEs, it can also be used to search for expoits and vulnerabilities from exploitsearch.net. This tool is used to find and gather information related to CVEs.

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE's system[2] as well as the US National Vulnerability Database.

This project has now been officially approved by OWASP. Here is the link to the project details on OWASP Website https://www.owasp.org/index.php/OWASP_JSEC_CVE_Details


www.cvedetails.com provides an easy to use web interface to CVE vulnerability data.You can browse for vendors, products and versions and view cve entries, vulnerabilities,related to them. You can view statistics about vendors, products and versions of products.CVE details are displayed in a single, easy to use page

www.exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone.

  • [Features]
  • [+] Fetch Recent CVEs
  • [New Features included in v2.0]
  • [+] Search for vulnerabilities of different platform/application/categories
  • [+] Search CVEs
  • [+] Search POC & Exploits


Description

JsecV2.PNG

Licensing

OWASP JSEC CVE Details is free to use. It is licensed under the GNU GPL v3 license.


New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

News and Events

  • [13 June 2014] Released the project as opensource
  • [17 August 2014] Requested for OWASP project approval
  • [20 August 2014] Project Proposal Accepted
  • [22 September 2014 ] v2.0 released
  • [1st October 2016 ] v2.1 Released
  • [10th October 2016 ] v3.0 Planned to be released

Project Leader

Dibyendu Sikdar

Related With

SillyCon - OWASP Kolkata Chapter

Github

[1]

Quick Download

Download now!

Email List

Sign up!



How to contribute ?
1.Clone or Download the Project
2.Open Eclipse
3.Import the project as existing projects in workspace
4.Run the JSEC.java file


How to get the executable Jar file
Either you import the project and export it as a JAR or
Download from sourceforge https://sourceforge.net/projects/jseccvedetails/

Volunteers

The primary contributors to date have been:

  • Debarshi Das - Designing OWASP Logo

Others

  • Adam - Exploit Search (exploitsearch.net)
  • Admin - cvedetails.com
  • Updates : October 2016
  • v2.1 source code has been released in Github
  • v2.1 has POCs and Exploits searching capabilities
  • v3.0 is planned to to be released on 2nd Week of October 2016
  • v3.0 has features of scanning is being added
  • v4.0 will have cloud integration and REST apis


As of August, 2014, the priorities are:

  • This tool uses the api provided by cvedetails.com.
  • Using this tool the user can receive latest CVE details and choosing the type of vulnerability i.e. CSRF / XSS / etc
  • Other features to be added in future are like searching the Proof of Concepts for every CVE that is listed .


Involvement in the development and promotion of JSEC CVE Details is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Find bugs in the code
  • Suggest ideas
PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: JSEC CVE Details
Purpose: JSEC CVE DETAILS is an opensource application developed in Java that uses the api provided by cvedetails.com to receive latest CVE updates.

http://dibsy.github.io/JSEC_CVE_DETAILS/

License: GNU GPL v3 License
who is working on this project?
Project Leader(s):
  • Dibyendu Sikdar @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: [Owasp-jsec-cve-details Mailing List Archives]
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Dibyendu Sikdar @ to contribute to this project
  • Contact Dibyendu Sikdar @ to review or sponsor this project
current release
v2.1
last reviewed release
Not Yet Reviewed


other releases