CoSA (Audit Services Suite)

The inLabFIB - esCERT CoSA (Audit Services Suite, Conjunto de Servicios de Audiorias in spanish) project is a web application developed during 2016-2017 to provide automated system and application security auditing services to the UPC. It is an internal tool of the UPC.

This project has consisted of bringing together public audit tools that we have considered very useful and we have integrated them into the application.

The tools that have been integrated in this project are:

• SqlMap: is a tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
• OpenVAS: is a framework that includes different specialized tools in the scanning and management of vulnerabilities.
• w3af: is a web application audit framework.

The advantages have been achieved with this project were:

• Having centralized tools for all IT and that they do not have to be installed individually on each department or unit.
• Ease of use, it provides a very simple and comfortable interface.
• Possibility to schedule the audits, to be able to do them at night or with certain periodicity.
• Have notifications via email of completion of the audit.
• Information on other useful tools that are only available via online.
• It is expandable, new tools can be easily incorporated.

The platform has been developed with the Python Django framework through the PyCharm IDE as a backend, which is responsible for interacting between the frontend (using the Bootstrap SBAdmin2 template and native HTML code) and databases and scripts that will control and manage users, queues, permissions, and tools. For the database, we used MySQL DBMS.