
dradis Daniel Martín Gómez etd september '07


  1. dradis Daniel Martín Gómez etd september '07

  2. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?

  3. scenario: where are we? ➔ Penetration testing is about information. Information Discovery: ✔ port scan ✔ vuln. scan ✔ web app scan ✔ ... Exploiting: ✔ metasploit ✔ milw0rm ✔ ... Reporting: ✔ reporterator ✔ word ✔ pdf tools ✔ ... (diagram labels: SEMS, Repor2rator)

  4. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting opportunities may be lost ✔ Overlapping ✔ Lack of standardization in the “notes” ✔ Synchronization problems when using reporterator

  5. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting opportunities may be lost ✔ Overlapping while testing ✔ Lack of standardization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency?

  6. scenario: where are we? What is DRADIS?

  7. Agenda ➔ Scenario: where are we? ➔ System design

  8. system design ➔ Goals and challenges ✔ create a system to effectively share information

  9. system design ➔ Goals and challenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted

  10. system design ➔ Goals and challenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth; good design

  11. system design ➔ Goals and challenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth; good design ✔ small and portable, so it can be used on site

  12. system design ● Goals and challenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized

  13. system design ● Goals and challenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting

  14. system design ● Goals and challenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting ➔ effective knowledge sharing

  15. system design ➔ Goals and challenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is organized ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing

  16. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture

  17. architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles

  18. architecture (diagram: REST, Database, Web)

  19. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation

  20. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo

  21. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?

  22. what's next? ➔ Give it a try! ➔ Feature requests ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge

  23. dradis ¿Questions? Daniel Martín Gómez etd september '07
