CoSA (Audit Services Suite)

noescert
Description 

The inLabFIB - esCERT CoSA (Audit Services Suite, Conjunto de Servicios de Audiorias in spanish) project is a web application developed during 2016-2017 to provide automated system and application security auditing services to the UPC. It is an internal tool of the UPC.

This project has consisted of bringing together public audit tools that we have considered very useful and we have integrated them into the application.

The tools that have been integrated in this project are:

  • SqlMap: is a tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
  • OpenVAS: is a framework that includes different specialized tools in the scanning and management of vulnerabilities.
  • w3af: is a web application audit framework.

The advantages have been achieved with this project were:

  • Having centralized tools for all IT and that they do not have to be installed individually on each department or unit.
  • Ease of use, it provides a very simple and comfortable interface.
  • Possibility to schedule the audits, to be able to do them at night or with certain periodicity.
  • Have notifications via email of completion of the audit.
  • Information on other useful tools that are only available via online.
  • It is expandable, new tools can be easily incorporated.

The platform has been developed with the Python Django framework through the PyCharm IDE as a backend, which is responsible for interacting between the frontend (using the Bootstrap SBAdmin2 template and native HTML code) and databases and scripts that will control and manage users, queues, permissions, and tools. For the database, we used MySQL DBMS.

Duration of the project 
May, 2016 to June, 2017
Technology 
Bootstrap,
MySQL,
PyCharm,
Python
Areas of expertise involved in the project 
Thesis, master's or degree's final projects 
Articles and Presentations 

Follow us on

Els nostres articles del bloc d'inLab FIB

         
         

inLab FIB incorporates esCert

Icona ESCERT

inLab is member of