Library Inspector 2.1

Library Inspector 2.1 4,7/5 4107 votes

See search results for 'Chief Inspector Armand Gamache' in the San Diego County Library digital collection. See search results for 'Chief Inspector Armand Gamache' in the Multnomah County Library digital collection. See search results for 'Chief Inspector Armand Gamache' in the Multnomah County Library digital collection. Grade 2 1; Search results for Chief Inspector Armand Gamache.

Semiannual Reports to Congress for Periods Ending

  • September 2019 (PDF, 24.1 MB) text version
  • March 2019 (PDF, 4.1 MB) text version
  • September 2018 (PDF, 1.7 MB) text version
  • March 2018 (PDF, 1.7 MB) text version
  • September 2017 (PDF, 2.1 MB) text version
  • March 2017 (PDF, 1.5 MB) text version
  • September 2016 (PDF, 1.5 MB) text version
  • March 2016 (PDF, 1.5 MB) text version
  • September 2015 (PDF, 1.5 MB) text version
  • March 2015 (PDF, 1.1 MB) text version
  • September 2014 (PDF, 1.0 MB) text version
  • March 2014 (PDF, 1.5 MB) text version
Library Inspector 2.1

Audits and Other Reports

Fiscal Year 2020 (Issued October 1, 2019—September 30, 2020)

  • Audit of Overseas Field Offices – Rio de Janeiro, Brazil (Not for Public Release), November 2019
  • FY 2019 Audit of the Library of Congress Momentum Cloud General System and Application Controls (Not for Public Release), November 2019

Fiscal Years 2013-2019

Contact Us

If you have any questions or comments, please call us at the following number: (202) 707-6314.

Hotline

To report suspected fraud, waste, abuse or mismanagement within the Library of Congress, please contact us via our hotline online form.

Any information you provide will be held in confidence.

Public General Release Is Now Available

The first project general release (1.0) was on 12/16/19. It was previously presented for the first time at SecTor 2019.

Overview

Application Inspector's primary objective is to identify source code features in a systematic and scalable way not found elsewhere in typical static analyzers. This enables developer and security professionals to validate purported component objectives e.g. a string padding library only does what it says.

Modern applications rely heavily on software written outside of your company which comes with risks. Application Inspector can help identify interesting characteristics of an application by examining source code saving significant time over performing this manually.

Knowing what is in your software is the first step to making key choices about what actions are appropriate before allowing it to be deployed in your own or to customer environments. Our tool includes hundreds of default identifying patterns for detecting general features like frameworks used, file I/O, OS API's as well as the ability to detect key security and privacy features of a component.

A Quick Look

Application Inspector will scan projects with supported languages including projects with mixedlanguages i.e. those that contain multiple languages in the same directory or sub-directories for well-known identifying features.

On Rusty Trails Description On Rusty Trails is a modern, illustrative platformer, set in a world constantly reacting to your change in identity. On Rusty Trails - The Digital Comic Reviews “A beautiful yet bleak platformer that deals with serious topics while staying lighthearted, On Rusty Trails is easy to recommend for fans of platformers. On rusty trails (2016) michigan. Jun 13, 2016  On Rusty Trails is a modern, illustrative platformer, set in a world constantly reacting to your change in identity. You are Elvis. Home owner, triangular metal person and lover of dryness. A sudden thunderstorm leaves your house dissolved into a pile of rubble. Only lightning-fast reactions will. On Rusty Trails (2016) Aleph 1024x205. DOWNLOAD On Rusty Trails (2016) BigHungryChicken 1024x121. DOWNLOAD On Rusty Trails (2016) BigHungryChicken 4343x483. DOWNLOAD Original Steam Assets. Upload Must be logged in to be able to upload. Upload Logos Must be logged in to be able to upload. “On Rusty Trails NEEDS to be put on your list of stuff to play in 2016” – Greg Wilcox, Destroy All Fanboys “The melancholic environment with its constant rain and thunderstorms is the canvas for a treacherously challenging and surprisingly deep platformer.”.

By default Application Inspector generates a browser based report for visually illustrating the detected features with a drill down capability to review the code section, a project summary reporting languages used and other meta-data.

It also supports JSON and TEXT output format options for piping into a database for additional search and reporting options.

Additionally, it includes a confidence indicator (and filter) as well as the ability to drill down to the code file area where the match was found.

Why It's Different

While other tools play an important role in automating detection of vulnerabilities and poor security or other coding practices, Application Inspector helps to answer the question what is in it? Application Inspector is judgement free, focusing instead on helping inform security and other scenarios by surfacing details that might otherwise go unnoticed.

Note: It does not take the place of a security code review or security static analyzer but in a fast paced and highly automated driven development world, this is an important addition to your toolset.

Unseen Threats

Well constructed and hidden backdoors can go undetected by a tool that is only looking for poor security programming practices because it doesn’t look at context at a feature level.

  • Characterizing key features of source code including privacy impacting data use
  • Detecting sudden feature changes between component versions
  • Mapping detected features to security requirements (enabling-only)
  • True/false testing for specific features vs entire set

Example Features Detection

AuthN/AuthZ

  • Oauth, Microsoft Identity, Google
  • LDAP, Kerberos, NTLM, SAML
  • Claims, RBAC

Control Flow

  • Dynamic Code Execution
  • Process Management

Cryptography

  • Encryption (AES, DES, 3DES, many more)
  • Hashing (SHA1,SHA2,SHA3,PBKDF,Blowfish, many more)
  • Secrets
  • PKI Operations (create cert, signing, client auth)
  • Protocols (TLS,SSL,SSH, many more)
  • Randomization

OS Operations

  • File System (read/write)
  • Environment Variables
  • Network Operations (http,RPC,modem,bios,others
  • User Accounts (create,delete)
  • Windows Registry (create,write,delete)

Data

  • JSON/XML/Active Content
  • Object Deserialization
  • Secrets / Access Keys
  • Sensitive Data (PII, Financial)
  • SQL / ORM

Data Handling

  • Object Serialization (XML/JSON)
  • Flash, PDF, Silverlight
  • Audio/Video Media Use or Parsing
  • Bluetooth, Cellular, RPC

Build

  • Dev/Test Frameworks
  • Containers
  • Dependencies
  • Platform/Build Targets/App Type
  • Open Source Use

Service Providers

  • Cloud Services (hosting, data storage, apps)
  • Social Media, Source Repos, CI/CD
  • Telemetry

To see a complete set of unique 'tags' supported for feature identification, see the tags of this wiki, or use the 'exporttags' command.

  • DevOps Engineers - View source code characteristics at a feature level to determine if a component contains only what is expected. Use to compare and find alternates to identify sudden and unexpected feature changes of significance.
  • IT Security Auditors - Evaluate risk presented when third-party software is included in solution source.

Overview

The application is a client .NET Core based tool so it will run on Windows, Linux or macOS and does not require elevated privileges and there is no local database or network communications or telemetry. To run it , simply use the standard dotnet command line to invoke i.e. dotnet ApplicationInspector.dll if you are on a Linux or macOS system or if you are on Windows AppInspector.exe. See the readme or more on command options or the built-in help.

The basic steps for using Application Inspector are:

  1. Download a component in compressed or uncompressed formats
  2. Run Application Inspector pointing it at the component source code, specifying the command, report format and other options. See Readme.md for more.

There are two primary ways to customize the content of the report results:

  • Custom Rules (feature pattern to scan for e.g. regex, language)
  • Custom Report (filter what features to display in the report output)

Custom Rules

We've worked hard to identify a large default starting set for the first release. You can also add your own rules in a separate path to the default set and retain the default set or exclude them using command line options. See this wiki for more on Rules and how to customize if needed.

Library Inspector 2.1 Software

Custom Reports

Library Inspector 2.1 Pc

Application Inspector builds both an HTML output.html report and output.json report files which are organized dynamically around indicated preferred tags found in the preferences files. To customize a report, see Customized Reports