dradis Framework: Overview

1,093 views
1,016 views

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,093
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

dradis Framework: Overview

  1. 1. dradis Dradis Daniel Martín Gómez etd[-at-]nomejortu.com september '07 1
  2. 2. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  3. 3. scenario: where are we? ➔ Penetration testing is about information ✔ port scan ✔ vuln. scan Information Discovery ✔ web app scan ✔ ... ✔ metasploit Exploiting ✔ milw0rm ✔ ... ✔ reporterator Reporting ✔ word ✔ pdf tools ✔ ... 3
  4. 4. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator 4
  5. 5. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping while testing ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency? 5
  6. 6. scenario: where are we? What is DRADIS? < 6
  7. 7. Agenda ➔ Scenario: where are we? ➔ System design
  8. 8. system design ➔ Goals and chalenges ✔ create a system to effectively share information 8
  9. 9. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted 9
  10. 10. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth ; good design 10
  11. 11. system design ➔ Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ✔ small and portable, so it can be used on site 11
  12. 12. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed 12
  13. 13. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting 13
  14. 14. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing 14
  15. 15. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth ; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing 15
  16. 16. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture
  17. 17. architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles 17
  18. 18. architecture SOAP Database Web 18
  19. 19. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation
  20. 20. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo
  21. 21. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  22. 22. what's next? ➔ Give it a try! < Feature requests DRADIS ➔ ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge 22
  23. 23. dradis ¿Questions? Daniel Martín Gómez etd[-at-]nomejortu.com september '07 23

×