Paper Info
Title
Towards Improving Productivity in NMapSecurity Audits
Abstract
Maintaining an adequate security level in computer infrastructures, like Internet-facing web servers, requires periodic assessment of their vulnerabilities with specialized security tools. nmap is arguably the most popular one, due to its versatility, powerful features, and low resource usage. However, this versatility can turn its usage difficult and error-prone, as it implements a lot of features and reports errors at runtime. This can lead to suboptimal results while designing auditing tasks. This research aims to decrease this complexity by developing a web GUI that favors experimentation, on-demand scans, and provides solutions to several shortcomings detected in the official one. We complemented it with a Domain Specific Language that implements early detection and reporting of syntax, type, and semantic errors when creating audit tasks. Both expand nmap possibilities, creating robust, schedulable, distributable, and portable auditing tasks able to find anomalies analyzing their output. Our initial release shows that the web GUI has been well received by several security related media and professionals. The language can detect and report a wide range of potential errors, substantially increasing the robustness of the created tasks. Therefore, Domain Specific Languages with early detection of type errors turned to be suitable to lower the complexity and expand the usage possibilities of complex tools like nmap.
Year
DOI
Venue
2019
10.13052/jwe1540-9589.1871
JOURNAL OF WEB ENGINEERING
Keywords
Field
DocType
nmap,web GUI,advanced features,productivity,Domain Specific Language,static type checking
Data mining,Audit,Engineering management,Computer science
Journal
Volume
Issue
ISSN
18
7
1540-9589
Citations 
PageRank 
References 
0
0.34
0
Authors
4
Name
Order
Citations
PageRank
Jose Manuel Redondo100.34
Daniel Cuesta200.34
Federico Garcia Lorca S300.34
N, , Oviedo, Spain400.34