OASIS Application Vulnerability Description Language (AVDL) TC
Table of Contents
- Technical Work Produced by the Committee
- External Resources
- Mailing Lists and Comments
- Additional Information
The goal of AVDL is to create a uniform way of describing application security vulnerabilities. The OASIS AVDL TC creates an XML definition for exchange of information relating to security vulnerabilities of applications exposed to networks. For example, the owners of an application may use a scanning tool to test their application for exposed vulnerabilities to various types of malicious attacks. That tool may catalogue and record vulnerabilities detected into an XML file in AVDL format. That AVDL information may be utilized by application security gateways to recommend the optimal attack prevention policy for that specific application. Remediation products could use AVDL files to suggest the best course of action for correcting problems, while reporting tools could use AVDL to correlate event logs with areas of known vulnerability.
Application Vulnerability Description Language (AVDL) v1.0 [OASIS 200403]
Although not produced by the OASIS Application Vulnerability Description Language (AVDL) TC, the following information offers useful insights into its work.
OASIS Forms TC for Application Vulnerability Description Language (AVDL).
CoverPages, 2 April 2003
OASIS Committee Draft for the Application Vulnerability Description Language (AVDL).
Cover Pages, 9 Feb 2004
*To minimize spam, you must subscribe to these lists before posting.
If you are interested in obtaining a product that generates AVDL output, please go to www.spidynamics.com. You can download a trial version of WebInspect. The trial version contains a sample scan of a test site that you can generate AVDL output through the "Export" function.
For technical assistance regarding this OASIS TC web page, contact email@example.com.
Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.