
The Conference was a success

Thanks to all participants; it was fun and a success. Read the DevCon4 Results.

OpenVAS Developer Conference #4 (June 26-28 2013)

For the fourth time, the OpenVAS team met in person to discuss and plan the next features of the OpenVAS framework.

Anyone active as an OpenVAS developer, tester, packager or user was welcome.

Conference sponsors:

Greenbone Networks GmbH

Conference Agenda

This is a collection of thoughts discussed on the mailing lists openvas-discuss and openvas-devel.

Please involve yourself there to express your ideas or needs.

Ideas collected so far:

Place

Hildesheim
Germany

Accommodation

Greenbone will take care of hotel reservations. Please include your preferences with the expression of interest for attending.

Block booking was done for: Novotel Hildesheim

Travel assistance

Hotel address (700m walk from main train station):

Novotel
Bahnhofsallee 38
31134 Hildesheim
Germany

Conference site address (200m walk from main train station):

Pengutronix
Peiner Straße 6-8
31137 Hildesheim
Germany

Airport (Airport Hannover, HAJ):

Travel time from Airport to Hotel: about 1h
From Airport take the S-Bahn S5 to Hannover main station (takes 20 minutes).
From Hannover main station, take a train to Hildesheim main station (takes 25 minutes).

Walk from hotel (A) to conference place (B):

Emergency telephone: Please ask devcon@greenbone.net if you would like to have cell phone numbers of the local organization team for emergency purposes.

How to attend

Please send an email to devcon@greenbone.net and let us know your arrival and departure times.

Preliminary schedule

Time Wed, June 26th Thu, June 27th Fri, June 28th
8-10 Hacking
10-11 Get Together, Hacking Session: Interfacing Session: NVTs
11-12 Get Together, Hacking Session: Interfacing Session: NVTs
12-13 Get Together, Hacking Session: Interfacing Session: NVTs
13-14 Lunch Lunch Lunch
14-15 Welcome (Jan-Oliver Wagner) Social Event (City) Hacking, Continued Discussions
15-16 Redis: in-memory key/value store (Henri Doreau) Social Event (City) Closing Session: Summary
16-17 Live-Hacking (Lukas Grunwald) Session: Technology & Architecture Departure, Hacking, Continued Discussions
17-18 Very (very) large scale scanning (Henri Doreau) Session: Technology & Architecture Departure, Hacking, Continued Discussions
18-19 Restructuring OpenVAS Steering Team Session: Technology & Architecture Departure, Hacking, Continued Discussions
19-20 Hacking, Continued Discussions Hacking, Continued Discussions Departure, Hacking, Continued Discussions
20- At hotel: Dinner, Pub, Hacking Dinner

Results

Whiteboard Content

Session: Interfacing

* OMP
  * works well for many users
  * powerful
  * XML a bit complex for some cases
    * client required

* How about HTTP interface to OMP command set?
  * Would not require special client (wget could be used)
  * Needs simplifications

* RO access directly to DBMS

(Priority rating of these three items: RO access, HTTP interface)


* Pushing data from OpenVAS to 3rd party applications
  * Alerts send data upon condition (works)
  * Logging, works well except scanner
    * some OMP commands might be missing
  * Need SNMP Traps for security events "Single-Result-Alert-SNMP-Trap"

* CERT
  * via Feed or via user import (defining generic interface)?
* SCAP
  * Good enough as is
  * More data would not be a challenge though
* OSVDB
  * Makes sense because CVE/OSVDB/(ExploitDB) almost 100% of
    relevant non-vendor advisories
* Vendor-specific
  * Define generic interface

(Priority rating of these four items: Generic interface for
vendor-specific, OSVDB)

* Asset Management Systems:
  * Users desire easy, simple import and even link
  * but too complex, not critical
  * better not make "their problem" our problem

* Multiple, different scan engines
  * OSP
  * Requires some changes in Manager
  * Solves "import" of 3rd party scanner data
  * Non-IP addresses as a challenge (e.g. bluetooth)

Session: Technology & Architecture

* DBMS -> Replication / HA, Performance(?)
  * PostgreSQL
  * support SQLite (but: compile time)
  * for OpenVAS beginners to keep hurdles low

* OMP clients
  * GSA + CLI = enough -> drop GSD
  * App? Wait for users with significant interest

* Asset Management
  * New DB model
  * Unified view for results/repository
  * Challenge: Identifiers

* Interface Awareness
  * configuring for bind
    * allow user to select on per-task basis 
  * codewise not a major issue
    * overwrite scanner prefs

* Control overall scan intensity
  * Threshold, make adaptive, admin-controlled
  * not aware of available resources

* Resource sharing (smb/ssh)
  * parallelism
  * log-pollution
  * target resource consumption control

Session: NVTs

* New Style description
  * Keep history of meta data
  * ASAP because trouble grows with each new user
    * first: history feature

* Some vulnerabilities only detectable via exploit
  * flag "exploit" or don't do it at all? -> explore feasibility
  * wait for exploit scanners via OSP?

* Malware detection?
  * systematic? -> No, we are not an AV
  * occasionally as currently practiced? -> yes

* Policy/Compliance
  * need to improve work flow
    * split tests and reports/controls

* OVAL integration
  * via OSP, preferably remote, OVAL scanner
  * some management required in OpenVAS
  * Feed integration already there at admin level
 
* Formalized service detection
  * store into host details
  * consider naming scheme of IANA/Nmap
  * start with pilot, then change all

* Jump hosts (ssh)?
  * not all ports/tests (and only tcp)
  * alternative: reverse scanners
  * intrusive scanner change

Restructuring OpenVAS Steering Team

After several successful years it was time to update the steering group team. Responsibilities are to be reordered according to available time to invest into OpenVAS and other personal constraints.

It was considered to keep a simplified and flat steering team structure. Everyone shared the impression that the most neglected task is Public Relations and the most failing one is Documentation coordination. However, for both parts we are still searching for dedicated volunteers with long-term commitments.

The group agreed on the following new team structure:

Administrative coordinator: Tim Brown
Development coordinator: Jan-Oliver Wagner
Infrastructure coordinator: Michael Wiegand

The group thanks William Anderson and Robert Berkowitz for being part of OpenVAS when the project was born and for so many following years.