dradis

Dradis

Daniel Martín Gómez
etd[-at-]nomejortu.com

september '07
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
➔   What's next?
scenario: where are we?
➔   Penetration testing is about information
    Information Discovery
        ✔ port scan
        ✔ vuln. scan
        ✔ web app scan
        ✔ ...
    Exploiting
        ✔ metasploit
        ✔ milw0rm
        ✔ ...
    Reporting
        ✔ reporterator
        ✔ word
        ✔ pdf tools
        ✔ ...
scenario: where are we?
➔   Penetration testing is about information
➔   And what about information sharing?
        ✔ Each tester writes a “notes” file
        ✔ Some testers add the stuff straight to reporterator

    Problems with this approach:
        ✔ Exploiting opportunities may be lost
        ✔ Overlapping while testing
        ✔ Lack of standardization in the “notes”
        ✔ Synchronization problems when using reporterator

    Does this sound anywhere near Quality or Efficiency?
scenario: where are we?

What is DRADIS?
system design
➔   Goals and challenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy to be adopted
    ✔   not too restrictive
    ✔   flexibility => growth ; good design
    ✔   small and portable, so it can be used on site
➔   Benefits
    ➔   information is organized
    ➔   saves time: while testing and while reporting
    ➔   effective knowledge sharing
    ➔   it is also good for one-man testing
architecture

DRADIS
    ➔ Client / Server architecture
    ➔ Coded in Ruby
    ➔ Multiple interfaces
    ➔ Different user profiles
architecture

[architecture diagram; components labelled: SOAP, Database, Web]
what's next?
➔   Give it a try!
➔   Feature requests
➔   Improve it yourself
        ➔   It will be released under GPL
        ➔   Hopefully on sourceforge
dradis

¿Questions?

Daniel Martín Gómez
etd[-at-]nomejortu.com

september '07
