Smooth migration of a feature-rich vulnerability analysis engine within a security portal for users with divergent skill levels
November 21, 2019
We have been operating a vulnerability management portal site for the DMZ network, namely the network which allows connections from the Internet. In the DMZ network, security management is crucially important, and vulnerability management is useful for maintaining security. The portal site is named DMZ User's Portal and has been successfully operating for 13 years. For DMZ User's Portal, we have adopted the same series of a vulnerability analysis engine, which has many advantages, but a more powerful inspection performance of the engine has gradually become required in preparation for today's hard security circumstances. Now, we decided to replace the engine with a more powerful and complex one. With the replacement, it is desirable to continue the successful experiences and contributions of the portal site. However, it is quite a difficult task without the careful design and development of the modules in advance.
This paper presents the design and methods for the smooth migration of the feature-rich vulnerability analysis engine within the security portal site. The key point is the careful consideration of the module dependency. To achieve a lower degree of module dependency, the techniques of Object-Relational (O/R) mapping, code generation, wrapper architecture, template engine consolidation, and test case were leveraged. We can continue to operate the portal site while inheriting the successful experiences as well as gaining the benefits of a new and powerful vulnerability analysis engine.
How to cite
Metadata are provided both in "article" format (very similar to INSPIRE) as this helps creating
very compact bibliographies which can be beneficial to authors and
readers, and in "proceeding" format
which is more detailed and complete.