Smooth migration of a feature-rich vulnerability analysis engine within a security portal for users with divergent skill levels
2019 November 21
We have been operating a vulnerability management portal site for the DMZ network, namely the network which allows connections from the Internet. In the DMZ network, security management is crucially important, and vulnerability management is useful for maintaining security. The portal site is named DMZ User's Portal and has been successfully operating for 13 years. For DMZ User's Portal, we have adopted the same series of a vulnerability analysis engine, which has many advantages, but a more powerful inspection performance of the engine has gradually become required in preparation for today's hard security circumstances. Now, we decided to replace the engine with a more powerful and complex one. With the replacement, it is desirable to continue the successful experiences and contributions of the portal site. However, it is quite a difficult task without the careful design and development of the modules in advance.
This paper presents the design and methods for the smooth migration of the feature-rich vulnerability analysis engine within the security portal site. The key point is the careful consideration of the module dependency. To achieve a lower degree of module dependency, the techniques of Object-Relational (O/R) mapping, code generation, wrapper architecture, template engine consolidation, and test case were leveraged. We can continue to operate the portal site while inheriting the successful experiences as well as gaining the benefits of a new and powerful vulnerability analysis engine.