OSSAMS: Gerenciamento de Segurança e Automação de Testes – Pentests

OSSAMS: Gerenciamento de Segurança e Automação de Testes – Pentests

Publicado em 27-10-2011 23:52

Cody Dumont, Adrien de Beaupre, e Darryl Williams são os desenvolvedores responsáveis pelo OSSAMS, que gradativamente, vem se tornando um poderoso sistema de gerenciamento de segurança e automação de testes. O sistema pode ser classificado como um verdadeiro framework para a colocação de arquivos de configuração, arquivos de segurança de verificação de dados (como Nessus), e outros dados recolhidos, durante uma avaliação de segurança ou teste de penetração, em um RDBMS.

Este framework foi projetada de forma semelhante ao Metasploit, ao SNORT, ou outros sistemas que permitem que a comunidade de segurança possa criar plugins para novas tarefas, quando necessário. O principal objetivo do OSSAMS é normalizar os dados, permitindo que o profissional de segurança possa melhor avaliar o estado atual da segurança de uma organização.

Links de Interesse:

[1] OSSAMS http://www.ossams.com/?page_id=46


The OSSAMS team is comprised of Cody Dumont, Adrien de Beaupre, and Darryl Williams.  Cody is a Sr. Security Consultant for the NWN STAR team (www.nwnstar.com), Adrien is a security tester in Canada with Intru-Shun.Ca Inc., and Darryl Williams is an expert in database design and SDLC architecture.

Founder of OSSAMS

The founder of OSSAMS is Cody Dumont.  Cody Dumont currently works for the NWN STAR team (www.nwnstar.com) and has been an Information security professional for about 10 years, with 16 years in IT.  The initial idea to create OSSAMS came to Cody as he analyzed data from many security assessments and tried to figure out a way to combine the data together from Nessus, Nmap and firewall configurations.  Realizing the only tools that did functions similar to this now were extremely expensive commercial tools, Cody decided to create a new project to solve this problem.  Cody also has the Network Configuration Builder Blog located at www.melcara.com.

Cody Dumont is a former Marine turned Geek, then Security Geek.  Cody started in IT during March of 1995, while in the Marines as a former 0311 (Infrantry) attending MRC (Micro Computer Repair Course) at 29 Palms CA.  Cody then went on to be awarded the Navy Achievement Medal for the IT related work performed for the 24th MEU.  After leaving the Marine Corps with a bad knee, go figure, he started working a for a few companies in the North East.  Cody currently works for NWN Corporation http://www.nwnit.com as a Sr. Security Consultant.

Cody currently holds a MS in Information Technology (Specialty in Information Security) from Capella University, a BS in Information Management from Daniel Webster College.  Cody has many industry Certs, starting with MCSE (NT4), MSCE (2k), Exchange (2K), CNE (5), A+, Security +, CCNA, CCNA Security, CCNP, CCIP, CISSP, CCSP, RSA enVision CSE and the GCWN.

Security Assessment Architect

Cody Dumont met Adrien de Beaupré at SANSFire Baltimore in 2010, where Adrien gave a presentation called “Network Vulnerability Assessment Automation and Reporting”.  During this talk Adrien discussed how he was creating tools to put data from Nessus, Nmap, and others into a database for easier analysis.  Then to Cody’s surprise, Adrien mentioned Cody’s Nessus parser (www.melcara.com).  Cody was extremely impressed with Adrien’s work.  Over the next 6 months or so, Cody and Adrien exchanged emails about their various parsing tools.  When Cody came up with idea for OSSAMS, Adrien was the first security professional he thought to call.

Adrien de Beaupré is a senior IT Security Consultant in Ottawa at Intru-Shun.Ca Inc., with over 16 years experience in security testing and incident response.  Adrien has performed many vulnerability assessments, penetration test, and incident management engagements of network hosts and web based applications for both Government and private sector clients. Adrien de Beaupré holds the ISC2 CISSP, GWAPT (GIAC Web Application Penetration Tester), GPEN (GIAC Penetration Tester), GCIH (GIAC Certified Incident Handler) GSEC (GIAC Security Essentials), OPST (OSSTMM Professional Security Tester), OPSA (OSSTMM Professional Security Analyst, and MCSE (NT4.0 and 2K). He is also a certified OSSTMM instructor. As a volunteer member of the SANS Internet Storm Center (isc.sans.edu) he performs incident handling and threat analysis.

Adrien specializes in network and computer security, incident response, digital forensics, vulnerability assessments, penetration testing, and technical instruction. He is a contributor to OSSTMM 3.0 and Hacking Exposed Linux 3rd Edition. As well he has contributed to open source projects such as nikto, watcher, w3af, and Zed Attack Proxy (ZAP).

Data Structure Architect

Cody met Darryl Williams at Daniel Webster College (DWC) in Nashua NH back in 1999 where they both earned a BS in Management and Information Technology.  Cody was amazed at Darryl’s thoroughness, ability to communicate, and solve data structure problems. Darryl also possessed a great deal of knowledge of, and experience with, various project implementation and software development methodologies. During their time at DWC, Cody learned more from interacting with Darryl than from any classes.  Darryl has an unmatched ability to look at a business process to flow and create a data structure around it.
Darryl Williams has over 20 years of life sciences industry experience, including 10 years in pharmaceutical Marketing and Sales IT. Darryl has managed over 15 full project life cycles with budgets from $25k to over $13M.
Darryl specializes in Program Management; Data Warehousing, Entity-Relationship, Transactional and Analytic Data Modeling; Business Intelligence, Analytics and Reporting; Master Data Management; Customer and third-party Pharmaceutical Data Integration; Business Process Analysis and Business Rules Management. He holds a BS in Management and Information Technology, a Master’s Degree in Management from Cambridge College and is a certified Project Management Professional (PMP).

Graphic Artist

Leah Dumont is the youngest sister of Founder Cody Dumont.  Leah is a self-employed graphic artist in Las Vegas.  Leah is the creator of the logo and other upcoming graphs for the OSSAMS project.

As a fresh, young designer with a background in offset printing and a bachelor’s degree in graphic design, Leah’s work stands apart from the over-saturated field of today’s market. In a world where anyone with a computer can call themselves designers, Leah strives for higher standards through studying the importance of fonts, colors and layout design. Leah’s understanding of the dynamic relationships between these elements separates her from the crowd, ensuring her work is original, modern and competitive.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s