Wednesday 5 December 2012

OunceLabs WebScan Module (with 'Will It Scan' feature)

Back in the day (2008) I created a PoC for the OunceLabs engine where it was possible to trigger scans via a website.

I found the files, but there were a number of missing dependencies (like some JNBridge stuff which was shipped with the last version of the OunceLabs product (pre IBM)).

So the best I can do is to open it in Visual Studio and show the aspx pages in design view.

This is where files to scan could be uploaded (*.zip and *.dll)

It was also possible for Security Consultants to upload scanned files (which would have been analysed and filtered)

This is where the Developer would go and download the assessments (and see some stats)

Here is what the Visual Studio solution file looks like (downloadable from here), which, as you can see, has a number of missing dependencies and projects

One of the powerful features that this site had was the 'Will It Scan' capability, where it would report if the uploaded files/project could be scanned (or not), which was (and still is) one of the problems SAST engines have.

In a way this was a PoC of what OunceLabs in the Cloud could have looked like :)