bh-us-02-glaser-fire

NT OBJECTives, Inc.
JD’s ToolBox – Fire and Water Toolkit
Next Generation Web Assessment Technology
Overview
Web Architecture
Web Hack Attacks
Our solution
Fire and Water Toolkit
[Figure: web application architecture. Labels: Web client; HTTP request (cleartext or SSL); firewall; web server (Apache, IIS, Netscape, etc.); plugins (Perl, C/C++, JSP, etc.); web apps; database connection (ADO, ODBC, etc.); SQL database; HTTP reply (HTML, JavaScript, VBScript, etc.)]
http: // 10.0.0.1 / catalog / display.asp ? pg = 1 & product = 7
[Figure labels: Web server; Web app; DB]
Current Top Web Issues are:
1. Source Code Disclosure
2. Directory Browsing
3. File Upload Attacks
4. Backup and Archive Issues
5. Web Server Vulns
6. Remote Command Execution
7. SQL Injection Attacks
The web and e-commerce applications are the main focus of our efforts
Web applications are important and growing in importance
Web applications are complex and growing in complexity
Our tool releases are going to have web-specific priority
Fire and Water
Our attempt to take web assessment to the next level
Toolkit is targeted at assessment professionals
Supports our initiative for providing complete assessment and defense services
Chaos – Current Situation
Lots of good tools on the net – but none work together
No standard for output
Making a report from all these sources is difficult at best
- To do your job well, you require all this info
Fire
Set of tools for assessment professionals
Allows scripting
Allows remote usage
- Really shines on mapping internal networks from external findings
XML Automation
ntoscan | ntoroute | ntoweb | ntomap | ntotrend = coolness
Tool Descriptions
ntoscan – TCP/UDP scanner – No Banners, OSPrints
ntoroute – ICMP/TCP traceroute tool
ntoweb - web vuln crawler
ntomap - network topology generator
ntotrend – data trend tool (multiple reports over time)
Fire and Water Architecture
1. Complete XML Data Architecture
2. XML/XSL Reports are THE solution
3. Targeted Web Priority and Visualization
4. XML Mapping technology highlights web trouble spots
5. Superior Support for Data Trends over Time
CLI Interface Power
CLI chosen as most powerful for experts
Allows scripting
Allows remote usage
- Really shines on mapping internal networks from external findings
Web Focused Data Model
By default, tools record web data
Pinpoints and highlights web trouble spots
Map visually distinguishes between web services and traditional services
Completely designed to help resolve web security issues
XML Data Cohesion
All tools output XML
Results are sortable
Reports are appendable
Building large analysis sets from tools is possible
DB storage with SQL databases is possible
Query analysis
Trend analysis
[Screenshots: NTOScanner; NTOScanner + NTORoute; NTOMap]
NTOScan Report
Water = NTOWire
Command line driven ISAPI filter
Installable remotely/scriptable
Updateable via Snort Signatures
- stay quickly up to date against the latest vulns
NTOWire Usage
ntowire -install
ntowire -load
ntowire -unload
ntowire -uninstall
Look for updates from us
We’re back, We’re just getting started
New tools
New vision
New capabilities
JD Glaser
Erik Caso
Mike Morton
NT OBJECTives, Inc.