dradis
play

dradis Dradis Daniel Martn Gmez etd september '07 1 Agenda - PowerPoint PPT Presentation

May 23, 2023 •387 likes •626 views

dradis Dradis Daniel Martn Gmez etd september '07 1 Agenda Scenario: where are we? System design Architecture Implementation Demo What's next? scenario: where are we? Penetration testing is about information

  1. dradis Dradis Daniel Martín Gómez etd september '07 1

  2. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?

  3. scenario: where are we? ➔ Penetration testing is about information ✔ port scan ✔ vuln. scan Information Discovery ✔ web app scan ✔ ... SEMS ✔ metasploit Exploiting ✔ milw0rm ✔ ... ✔ reporterator Reporti ✔ word ng ✔ pdf tools ✔ ... Repor2rator 3

  4. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator 4

  5. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping while testing ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency ? 5

  6. scenario: where are we? What is DRADIS? < 6

  7. Agenda ➔ Scenario: where are we? ➔ System design

  8. system design ➔ Goals and chalenges ✔ create a system to effectively share information 8

  9. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted 9

  10. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth ; good design 0 1

  11. system design ➔ Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ✔ small and portable, so it can be used on site 1 1

  12. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized 2 1

  13. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting 3 1

  14. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting ➔ effective knowledge sharing 4 1

  15. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth ; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing 5 1

  16. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture

  17. architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles 7 1

  18. architecture REST Database Web 8 1

  19. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation

  20. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo

  21. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?

  22. what's next? ➔ Give it a try! < ➔ Feature requests DRADIS ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge 2 2

  23. dradis ¿Questions? Daniel Martín Gómez etd september '07 3 2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Dradis plugin programming 22 February 2008 by Siebert Lubbe Overview General

Introduction to Dradis plugin programming 22 February 2008 by Siebert Lubbe Overview General

Introduction to Dradis plugin programming 22 February 2008 by Siebert Lubbe Overview General client side structure Dispatcher Plugin framework Small example Nmap plugin General client side structure Have a look at you Dradis

214 views • 7 slides
The SPaCIoS Tool property-driven and vulnerability-driven security testing for Web-based apps

The SPaCIoS Tool property-driven and vulnerability-driven security testing for Web-based apps

The SPaCIoS Tool property-driven and vulnerability-driven security testing for Web-based apps Alessandro Armando DIBRIS University of Genova and Security &amp; Trust FBK, Trento (on behalf of the SPaCIoS consortium) STREP Project number:

775 views • 17 slides
Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more

Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more

Topics in Security Testing [Reading assignment: Chapter 13, pp. 193-209. Note that many more topics are covered in these slides and in class.] Computer Security The goal of computer security is to protect computer assets ( e.g., servers,

1.53k views • 119 slides
Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel

Testing Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Admin Issues The exam will take place on the 28th of June Check web site for exam location (tentative might

998 views • 33 slides
Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at

Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at

Move left in the SDLC z - Jaswinder Kaur z Jaswinder Kaur Senior Security Engineer at T-Mobile, Washington Worked previously in DC government and Bank of America Expertise in web application security testing, architecture

286 views • 16 slides
Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student

Joe Slowik / @jfslowik Dragos, Inc. | May 2019 Student Student Officer Student Officer Network Defender Student Officer Network Defender ICS Defender

725 views • 46 slides
TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING

TACKYDROID Pentesting Android Applications in Style THIS TALK IS ABOUT AN APP WE ARE MAKING This talk IS NOT about Android platform itself This talk IS about how we want to contribute auditing apps that run on Android systems With

975 views • 74 slides
From Training to Education: Building Offensive Curriculum from Training Certifications * or

From Training to Education: Building Offensive Curriculum from Training Certifications * or

From Training to Education: Building Offensive Curriculum from Training Certifications * or Why I watched the entire movie library over Spring Break By: Michael Kranch CANSec 2018 October 27-28 Who Am I? B.S. / M.S. in Computer

507 views • 24 slides
Data Examples Announcements Examples: Objects Land Owners Instance attributes are found before

Data Examples Announcements Examples: Objects Land Owners Instance attributes are found before

Data Examples Announcements Examples: Objects Land Owners Instance attributes are found before class attributes; class attributes are inherited class Worker: &lt;class Worker&gt; &gt;&gt;&gt; Worker().work() &gt;&gt;&gt; Worker().work()

818 views • 8 slides
Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05

Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05

Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05 Netconf Authentication and Access Control There is inherent access control now: The authentication process should result in an entity whose

373 views • 12 slides
C++ (1 of 3) Mid-late 1990s, C was language of choice Since then, C++ language of choice

C++ (1 of 3) Mid-late 1990s, C was language of choice Since then, C++ language of choice

The Game Development Process Game Programming Outline Teams and Processes Select Languages Debugging Misc (as time allows) AI Multiplayer 1 Introduction Used to be programmers created games But many great

585 views • 32 slides
Business Model Canvas and CHEEKY CHUNK CASE STUDY Raj Jaswa Pratik Doshi Jan 2018 Focus on

Business Model Canvas and CHEEKY CHUNK CASE STUDY Raj Jaswa Pratik Doshi Jan 2018 Focus on

Business Model Canvas and CHEEKY CHUNK CASE STUDY Raj Jaswa Pratik Doshi Jan 2018 Focus on one step at a time, the rest will figure out! M.A.N.U.F.A.C.T.U.R.I.N.G. List of Manufacturers. Cold Calling. Facing Rejections.

3.82k views • 43 slides
Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections

Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections

Chair for Network Architectures and Services Technical University of Munich (TUM) Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections Intermediate Talk Julien Schmidt May 30, 2016 Chair for

384 views • 16 slides
Fixing problems with grammars Informatics 2A: Lecture 13 John Longley School of Informatics

Fixing problems with grammars Informatics 2A: Lecture 13 John Longley School of Informatics

LL(1) grammars: summary Fixing problems with grammars Informatics 2A: Lecture 13 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 22 October 2015 1 / 20 LL(1) grammars: summary LL(1) grammars: summary Given a

445 views • 23 slides
SPDY, err... HTTP 2.0 WebRTC for fun and profit... Ilya Grigorik - @igrigorik,

SPDY, err... HTTP 2.0 WebRTC for fun and profit... Ilya Grigorik - @igrigorik,

SPDY, err... HTTP 2.0 WebRTC for fun and profit... Ilya Grigorik - @igrigorik, gplus.to/igrigorik Make the Web Fast, Google So... HTTP 2.0, or SPDY? &quot;This draft is a work-in-progress, and does not yet reflect Working Group consensus ...

1.25k views • 55 slides
FreeBSD and NetBSD on APM86290 System on Chip Zbigniew Bodek zbb@semihalf.com EuroBSDCon 2012,

FreeBSD and NetBSD on APM86290 System on Chip Zbigniew Bodek zbb@semihalf.com EuroBSDCon 2012,

FreeBSD and NetBSD on APM86290 System on Chip Zbigniew Bodek zbb@semihalf.com EuroBSDCon 2012, Warsaw FreeBSD and NetBSD on APM86290 System on Chip Presentation outline Introduction Market requirements Hardware overview

874 views • 34 slides
Is electroweak baryogenesis dead? with K. Kainulainen and D. Tucker-Smith Jim Cline, McGill U.

Is electroweak baryogenesis dead? with K. Kainulainen and D. Tucker-Smith Jim Cline, McGill U.

Is electroweak baryogenesis dead? with K. Kainulainen and D. Tucker-Smith Jim Cline, McGill U. Higgs cosmology meeting, 28 March, 2017 J. Cline, McGill U. p. 1 J. Cline, McGill U. p. 2 See also G. Servants talk . . . The SM BEH?

1.4k views • 34 slides
Finding &amp; Backgrounding People Research Madness March 22, 2010 When Do You Need to Research

Finding &amp; Backgrounding People Research Madness March 22, 2010 When Do You Need to Research

3/22/2010 Finding &amp; Backgrounding People Research Madness March 22, 2010 When Do You Need to Research People? You are searching for a job and want to learn more about the employees at a firm. You are conducting client development .

475 views • 8 slides
Finding Monotone Patterns in Sublinear Time Erik Waingarten (Columbia University) Cl ement

Finding Monotone Patterns in Sublinear Time Erik Waingarten (Columbia University) Cl ement

Finding Monotone Patterns in Sublinear Time Erik Waingarten (Columbia University) Cl ement Canonne (Stanford University) Omri Ben-Eliezer (Tel-Aviv University) Shoham Letzter (ETH Zurich) 1 / 14 Testing Monotonicity of an Array: Sortedness

983 views • 59 slides
Machine Learning (AIMS) - MT 2018 1. Dimensionality Reduction Varun Kanade University of Oxford

Machine Learning (AIMS) - MT 2018 1. Dimensionality Reduction Varun Kanade University of Oxford

Machine Learning (AIMS) - MT 2018 1. Dimensionality Reduction Varun Kanade University of Oxford November 5, 2018 Unsupervised Learning Training data is of the form x 1 , . . . , x N Infer properties about the data Search: Identify patterns

727 views • 45 slides
10/5/2020 Finding Work-Life Balance By Deidre Hayes and Madison Herman 1 At home chef

10/5/2020 Finding Work-Life Balance By Deidre Hayes and Madison Herman 1 At home chef

10/5/2020 Finding Work-Life Balance By Deidre Hayes and Madison Herman 1 At home chef Amateur Astronomer Good backwards driver Dinosaur Enthusiast Want to be Roadtripper Adventurer at Heart Arizonian For

542 views • 4 slides
Improving People Search Using Query Expansions How Friends Help To Find People Thomas Mensink

Improving People Search Using Query Expansions How Friends Help To Find People Thomas Mensink

Improving People Search Using Query Expansions How Friends Help To Find People Thomas Mensink &amp; Jakob Verbeek LEAR Team, INRIA Rh one-Alpes Grenoble, France Mensink &amp; Verbeek (INRIA) Improving People Search Using Query Expansions

297 views • 28 slides
Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches

Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches

Object Detection Sliding Windows Sanja Fidler CSC420: Intro to Image Understanding 1 / 49 Type of Approaches Different approaches tackle detection differently. They can roughly be categorized into three main types: Find interest points ,

883 views • 51 slides
Jobs for People with Developmental Disabilities: Making It Happen! Catherine Nichols, Senior

Jobs for People with Developmental Disabilities: Making It Happen! Catherine Nichols, Senior

Jobs for People with Developmental Disabilities: Making It Happen! Catherine Nichols, Senior Director Accessibility Programs linkedin.com/in/catherinecnichols 19th Annual Developmental Disabilities: An Update for Health Professionals March

416 views • 6 slides

More recommend