Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
dradis




       Dradis


Daniel Martín Gómez
 etd[-at-]nomejortu.com




                          september '07
       ...
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
➔   What's next?
scenario: where are we?
➔   Penetration testing is about information
                              ✔ port scan
           ...
scenario: where are we?
➔   Penetration testing is about information
➔   And what about information sharing?
        ✔ Eac...
scenario: where are we?
➔   Penetration testing is about information
➔   And what about information sharing?
        ✔ Eac...
scenario: where are we?




What is DRADIS?



                    <




                          6
Agenda
➔   Scenario: where are we?
➔   System design
system design
➔   Goals and chalenges
    ✔   create a system to effectively share information




                       ...
system design
➔   Goals and chalenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy t...
system design
➔   Goals and chalenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy t...
system design
➔   Goals and chalenges
    ● create a system to effectively share information
    ● easy to use, easy to be...
system design
●   Goals and chalenges
    ● create a system to effectively share information
    ● easy to use, easy to be...
system design
●   Goals and chalenges
    ● create a system to effectively share information
    ● easy to use, easy to be...
system design
●   Goals and chalenges
    ● create a system to effectively share information
    ● easy to use, easy to be...
system design
➔   Goals and chalenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy t...
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
architecture



DRADIS

   ➔ Client / Server architecture
   ➔ Coded in Ruby


   ➔ Multiple interfaces


   ➔ Different u...
architecture




           SOAP

Database

           Web




                             18
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
➔   What's next?
what's next?


➔   Give it a try!                      <
    Feature requests
                             DRADIS
➔


➔   ...
dradis




  ¿Questions?


Daniel Martín Gómez
 etd[-at-]nomejortu.com




                          september '07
       ...
Upcoming SlideShare
Loading in …5
×

dradis Framework: Overview

1,225 views

Published on

Published in: Technology, Business
  • Be the first to comment

dradis Framework: Overview

  1. 1. dradis Dradis Daniel Martín Gómez etd[-at-]nomejortu.com september '07 1
  2. 2. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  3. 3. scenario: where are we? ➔ Penetration testing is about information ✔ port scan ✔ vuln. scan Information Discovery ✔ web app scan ✔ ... ✔ metasploit Exploiting ✔ milw0rm ✔ ... ✔ reporterator Reporting ✔ word ✔ pdf tools ✔ ... 3
  4. 4. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator 4
  5. 5. scenario: where are we? ➔ Penetration testing is about information ➔ And what about information sharing? ✔ Each tester writes a “notes” file ✔ Some testers add the stuff straight to reporterator Problems with this approach: ✔ Exploiting oportunities may be lost ✔ Overlapping while testing ✔ Lack of standarization in the “notes” ✔ Synchronization problems when using reporterator Does this sound anywhere near Quality or Efficiency? 5
  6. 6. scenario: where are we? What is DRADIS? < 6
  7. 7. Agenda ➔ Scenario: where are we? ➔ System design
  8. 8. system design ➔ Goals and chalenges ✔ create a system to effectively share information 8
  9. 9. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted 9
  10. 10. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ flexibility => growth ; good design 10
  11. 11. system design ➔ Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ✔ small and portable, so it can be used on site 11
  12. 12. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed 12
  13. 13. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting 13
  14. 14. system design ● Goals and chalenges ● create a system to effectively share information ● easy to use, easy to be adopted ● flexibility => growth ; good design ● small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing 14
  15. 15. system design ➔ Goals and chalenges ✔ create a system to effectively share information ✔ easy to use, easy to be adopted ✔ not too restrictive ✔ flexibility => growth ; good design ✔ small and portable, so it can be used on site ➔ Benefits ➔ information is orginezed ➔ saves time: while testing and while reporting ➔ effective knowledge sharing ➔ it is also good for one man testing 15
  16. 16. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture
  17. 17. architecture DRADIS ➔ Client / Server architecture ➔ Coded in Ruby ➔ Multiple interfaces ➔ Different user profiles 17
  18. 18. architecture SOAP Database Web 18
  19. 19. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation
  20. 20. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo
  21. 21. Agenda ➔ Scenario: where are we? ➔ System design ➔ Architecture ➔ Implementation ➔ Demo ➔ What's next?
  22. 22. what's next? ➔ Give it a try! < Feature requests DRADIS ➔ ➔ Improve it yourself ➔ It will be released under GPL ➔ Hopefully on sourceforge 22
  23. 23. dradis ¿Questions? Daniel Martín Gómez etd[-at-]nomejortu.com september '07 23

×