1 / 28

JD’s ToolBox – Fire and Water Toolkit

NT OBJECTives, Inc. JD’s ToolBox – Fire and Water Toolkit. Next Generation Web Assessment Technology. NT OBJECTives, Inc. Overview Web Architecture Web Hack Attacks Our solution Fire and Water Toolkit. NT OBJECTives, Inc. SQL Database. HTTP request (cleartext or SSL). Firewall. Web

lafayette-isai
Download Presentation

JD’s ToolBox – Fire and Water Toolkit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NT OBJECTives, Inc. JD’s ToolBox – Fire and Water Toolkit Next Generation Web Assessment Technology

  2. NT OBJECTives, Inc. Overview Web Architecture Web Hack Attacks Our solution Fire and Water Toolkit

  3. NT OBJECTives, Inc. SQL Database HTTP request (cleartext or SSL) Firewall Web Client Web Server Web app DB Web app DB Web app Web app HTTP reply (HTML, Javascript, VBscript, etc) • Apache • IIS • Netscape • etc… • Plugins: • Perl • C/C++ • JSP, etc • Database connection: • ADO, • ODBC, etc.

  4. NT OBJECTives, Inc. http: // 10.0.0.1 / catalog / display.asp ? pg = 1 & product = 7 Web Server Web app DB Web app DB Web app Web app

  5. NT OBJECTives, Inc. Current Top Web Issues are: • Source Code Disclosure • Directory Browsing • File Upload Attacks • Backup and Archive Issues • Web Server Vulns • Remote Command Execution • SQL Injection Attacks

  6. NT OBJECTives, Inc. The web and e-commerce applications are the main focus of our efforts Web applications are important and growing in importance Web applications are complex and growing in complexity Our tool releases our going to have web specific priority

  7. NT OBJECTives, Inc. Fire and Water Our attempt to take web assessment to the next level Toolkit is targeted at assessment professionals Supports our initiative for providing complete assessment and defense services

  8. NT OBJECTives, Inc. Chaos – Current Situation Lots of good tools on the net – but none work together No standard for output Making a report from all these src’s is difficult at best - To do your job well, you require all this info

  9. NT OBJECTives, Inc. Fire Set of tools for assessment professionals Allows scripting Allows remote usage - Really shines on mapping internal networks from external findings

  10. NT OBJECTives, Inc. XML Automation ntoscan | ntoroute | ntoweb | ntomap | ntotrend = coolness

  11. NT OBJECTives, Inc. Tool Descriptions ntoscan – TCP/UDP scanner – No Banners, OSPrints ntoroute – TCMP/TCP traceroute tool ntoweb - web vuln crawler ntomap - network topology generator ntotrend – data trend tool (multiple reports over time)

  12. NT OBJECTives, Inc. Fire and Water Architecture • Complete XML Data Architecture • XML/XSL Reports are THE solution • Targeted Web Priority and Visualization • XML Mapping technology highlights web trouble spots • Superior Support for Data Trends over Time

  13. NT OBJECTives, Inc. CLI Interface Power CLI chosen as most powerful for experts Allows scripting Allows remote usage - Really shines on mapping internal networks from external findings

  14. NT OBJECTives, Inc. Web Focused Data Model By default, tools record web data Pinpoints and highlights web trouble spots Map visually distinguishes between web services and traditional services Completely designed to help resolve web security issues

  15. NT OBJECTives, Inc. XML Data Cohesion All tools output XML Results are sortable Reports are appendable Building large analysis sets from tools is possible DB storage with SQL databases is possible Query analysis Trend analysis

  16. NTOScanner

  17. NTOScanner

  18. NTOScanner

  19. NTOScanner + NTORoute

  20. NTOScanner + NTORoute

  21. NTOMap

  22. NTOMap

  23. NT OBJECTives, Inc. NTOScan Report

  24. NT OBJECTives, Inc. Water = NTOWire Command line driver ISAPI filter Installable remotely/scriptable Updateable via Snort Signatures - stay quickly up to date against the latest vulns

  25. NT OBJECTives, Inc. NTOWire Usage ntowire –install ntowire –load ntowire –unload ntowire -uninstall

  26. NT OBJECTives, Inc. Look for updates from us We’re back, We’re just getting started New tools New vision New capabilities

  27. NT OBJECTives, Inc. JD Glaser Erik Caso Mike Morton NT OBJECTives, Inc.

More Related