JD’s ToolBox – Fire and Water Toolkit

Next Generation Web Assessment Technology

NT OBJECTives, Inc.

NT OBJECTives, Inc.

Overview

Web Architecture

Web Hack Attacks

Our solution

Fire and Water Toolkit

NT OBJECTives, Inc.

WebServer DB

DB

Web app

WebClient Web app

Web app

Web app

HTTPrequest

(cleartext or SSL)

HTTP reply(HTML,

Javascript, VBscript,

etc)

Plugins:•Perl•C/C++•JSP, etc

Database connection:•ADO,•ODBC, etc.

SQL Database

•Apache•IIS•Netscape etc…

Firewall

NT OBJECTives, Inc.

WebServer DB

DB

Web app

Web app

Web app

Web app

http: // 10.0.0.1 / catalog / display.asp ? pg = 1 & product = 7

NT OBJECTives, Inc.

Current Top Web Issues are:1. Source Code Disclosure

2. Directory Browsing

3. File Upload Attacks

4. Backup and Archive Issues

5. Web Server Vulns

6. Remote Command Execution

7. SQL Injection Attacks

NT OBJECTives, Inc.

The web and e-commerce applications are the main focus of our efforts

Web applications are important and growing in importance

Web applications are complex and growing in complexity

Our tool releases our going to have web specific priority

NT OBJECTives, Inc.

Fire and Water

Our attempt to take web assessment to the next level

Toolkit is targeted at assessment professionals

Supports our initiative for providing complete assessment and defense services

NT OBJECTives, Inc.

Chaos – Current Situation

Lots of good tools on the net – but none work together

No standard for output

Making a report from all these src’s is difficult at best

- To do your job well, you require all this info

NT OBJECTives, Inc.

Fire

Set of tools for assessment professionals

Allows scripting

Allows remote usage

- Really shines on mapping internal networks

from external findings

NT OBJECTives, Inc.

XML Automation

ntoscan | ntoroute | ntoweb | ntomap | ntotrend = coolness

NT OBJECTives, Inc.

Tool Descriptions

ntoscan – TCP/UDP scanner – No Banners, OSPrints

ntoroute – TCMP/TCP traceroute tool

ntoweb - web vuln crawler

ntomap - network topology generator

ntotrend – data trend tool (multiple reports over time)

NT OBJECTives, Inc.

Fire and Water Architecture

1. Complete XML Data Architecture

2. XML/XSL Reports are THE solution

3. Targeted Web Priority and Visualization

4. XML Mapping technology highlights web trouble spots

5. Superior Support for Data Trends over Time

NT OBJECTives, Inc.

CLI Interface Power

CLI chosen as most powerful for experts

Allows scripting

Allows remote usage - Really shines on mapping internal networks

from external findings

NT OBJECTives, Inc.

Web Focused Data Model

By default, tools record web data

Pinpoints and highlights web trouble spots

Map visually distinguishes between web services and traditional services

Completely designed to help resolve web security issues

NT OBJECTives, Inc.

XML Data Cohesion

All tools output XML

Results are sortable

Reports are appendable

Building large analysis sets from tools is possible

DB storage with SQL databases is possible

Query analysis

Trend analysis

NTOScanner

NTOScanner

NTOScanner

NTOScanner + NTORoute

NTOScanner + NTORoute

NTOMap

NTOMap

NT OBJECTives, Inc.

NTOScan Report

NT OBJECTives, Inc.

Water = NTOWire

Command line driver ISAPI filter

Installable remotely/scriptable

Updateable via Snort Signatures - stay quickly up to date against the latest vulns

NT OBJECTives, Inc.

NTOWire Usage

ntowire –install

ntowire –load

ntowire –unload

ntowire -uninstall

NT OBJECTives, Inc.

Look for updates from us

We’re back, We’re just getting started

New toolsNew vision

New capabilities

NT OBJECTives, Inc.

JD Glaser

Erik Caso

Mike Morton

NT OBJECTives, Inc.