dradis Framework: Overview

Daniel Martín Gómez
etd[-at-]nomejortu.com

September '07

Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
➔   What's next?

scenario: where are we?
➔   Penetration testing is about information
    ➔   Information Discovery
        ✔ port scan
        ✔ vuln. scan
        ✔ web app scan
        ✔ ...
    ➔   Exploiting
        ✔ metasploit
        ✔ milw0rm
        ✔ ...
    ➔   Reporting
        ✔ reporterator
        ✔ word
        ✔ pdf tools
        ✔ ...

scenario: where are we?
➔   Penetration testing is about information
➔   And what about information sharing?
    ✔ Each tester writes a “notes” file
    ✔ Some testers add the stuff straight to reporterator
➔   Problems with this approach:
    ✔ Exploiting opportunities may be lost
    ✔ Overlapping while testing
    ✔ Lack of standardization in the “notes”
    ✔ Synchronization problems when using reporterator

Does this sound anywhere near Quality or Efficiency?

scenario: where are we?

What is DRADIS?

system design
➔   Goals and challenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy to be adopted
    ✔   not too restrictive
    ✔   flexibility => growth; good design
    ✔   small and portable, so it can be used on site
➔   Benefits
    ➔   information is organized
    ➔   saves time: while testing and while reporting
    ➔   effective knowledge sharing
    ➔   it is also good for one-man testing

architecture

DRADIS
➔   Client / Server architecture
➔   Coded in Ruby
➔   Multiple interfaces
➔   Different user profiles

architecture

[Diagram: components labelled SOAP, Database, Web]

what's next?
➔   Give it a try!
➔   Feature requests
➔   Improve it yourself
    ➔   It will be released under GPL
    ➔   Hopefully on sourceforge

dradis

Questions?

Daniel Martín Gómez
etd[-at-]nomejortu.com
