CoSa (Audit Services Suite)

The inLabFIB – esCERT CoSa (Set of Audit Services) project is a web application that has been developed during 2016-2017 to offer security audit services, both systems and applications, automated to the UPC. It is an internal tool of the UPC.

This project consisted of bringing together public audit tools that we considered very useful and integrating them into the application.

The tools that have been integrated in this project have been:

• SqlMap: is a tool that automates the process of detecting and exploiting SQL code injection vulnerabilities.
• OpenVAS: is a framework that encompasses different tools specialized in vulnerability scanning and management.
• w3af: is a web application auditing framework.

The advantages that have been achieved with this project have been:

• To have the tools centralized by all ICT’s and that they do not have to install them individually in each department or unit.
• Ease of use, it provides a very simple and comfortable interface.
• Possibility of scheduling audits, being able to do them at night or with a certain periodicity.
• To have notifications via e-mail of the end of the audit.
• Information on other useful tools that are only available online.
• It is expandable, new tools can be easily incorporated.

The platform has been developed with the Python framework Django through the PyCharm IDE as backend, which is responsible for interacting between the frontend (for which the SBAdmin2 Bootstrap template and native HTML code is used) and the databases and scripts that will control and manage users, queues, permissions, and tools. For the database, the MySQL DBMS has been used.