dradis Framework: Overview

Dradis

Daniel Martín Gómez
etd[-at-]nomejortu.com

september '07
Agenda
➔   Scenario: where are we?
➔   System design
➔   Architecture
➔   Implementation
➔   Demo
➔   What's next?
scenario: where are we?
➔   Penetration testing is about information
    Information Discovery
        ✔ port scan
        ✔ vuln. scan
        ✔ web app scan
        ✔ ...
    Exploiting
        ✔ metasploit
        ✔ milw0rm
        ✔ ...
    Reporting
        ✔ reporterator
        ✔ word
        ✔ pdf tools
        ✔ ...
scenario: where are we?
➔   Penetration testing is about information
➔   And what about information sharing?
        ✔ Each tester writes a “notes” file
        ✔ Some testers add the stuff straight to reporterator

    Problems with this approach:
        ✔ Exploiting opportunities may be lost
        ✔ Overlapping while testing
        ✔ Lack of standardization in the “notes”
        ✔ Synchronization problems when using reporterator

    Does this sound anywhere near Quality or Efficiency?
scenario: where are we?

What is DRADIS?
system design
➔   Goals and challenges
    ✔   create a system to effectively share information
    ✔   easy to use, easy to be adopted
    ✔   not too restrictive
    ✔   flexibility => growth ; good design
    ✔   small and portable, so it can be used on site
➔   Benefits
    ➔   information is organized
    ➔   saves time: while testing and while reporting
    ➔   effective knowledge sharing
    ➔   it is also good for one-man testing
architecture
DRADIS
    ➔ Client / Server architecture
    ➔ Coded in Ruby
    ➔ Multiple interfaces
    ➔ Different user profiles

architecture
[architecture diagram; labels on the slide: SOAP, Database, Web]
what's next?
➔   Give it a try!
➔   Feature requests
➔   Improve it yourself
    ➔   It will be released under GPL
    ➔   Hopefully on sourceforge
dradis

¿Questions?

Daniel Martín Gómez
etd[-at-]nomejortu.com
