GTTA (Guided technical testing assistant)
DOWNLOAD LATEST VERSION: http://download.phishing-server.com/dl/gtta-2.5/vmware.zip
Quick Overview: http://22.214.171.124/GTTA/downloads/GTTA_Whitepaper.pdf
AUDITING CHALLENGES AND HOW GTTA CAN HELP
GTTA can be used for technical and non-technical audits, quality checks, verification processes, etc.
Challenge: Multiple checklists
Companies that use decentralized checklists face many challenges. Consistent, high-quality reporting is difficult to maintain while individual auditors are creating new checks or custom solutions, working and saving data locally on their personal laptops.
GTTA’s approach is to offer a multi-user, web-based application which supports the IT auditor in conducting security checks with predefined checklists. GTTA comes with more than 900 predefined check types with more than 200 automated tools attached, with new checks added frequently. In addition, GTTA gives the auditor the possibility to quickly add custom checks, tailoring it to specific business needs.
Challenge: Know-how exchange
Each auditor brings a unique set of skills and experiences into the job. GTTA can gather, analyze and disseminate this information to all users.
GTTA’s approach: We have created a wiki-style expert system where every auditor can attach special hints and comments to the checks. GTTA can make this information visible only to the auditor performing the check, or give the ability to create and upload new checks to a centralized update server to be shared with other users within the company. However, the most interesting aspect may be that GTTA offers a central repository for registered users where auditors worldwide can share their checks or tools and import them into GTTA for free, allowing the free flow of information for the benefit of all.
Challenge: Project coordination
Coordinating and assigning multiple parallel penetration tests within a company, while keeping an overview of the status of each project, is a challenge.
GTTA uses a project overview page. This page gives real-time detail about projects that are currently in progress, who is assigned, and the stage of completion of each individual project. GTTA also offers different views. For example, the “client” view allows the auditor to link specific projects to a client, allowing the client to log in and view the status.
Challenge: Multiple testing tools
Auditors tend to use too many different tools. Each of these tools comes with its own custom GUI or configuration, and the auditor ends up with a large collection of applications located in different subfolders, all needing to be accessed separately. Bottom line: this takes more time, and more tools do not guarantee better quality. In most cases, for each specific task there is an optimal tool.
GTTA’s approach is to combine experience and know-how with the most proven and up-to-date tools available. Additionally, GTTA allows the administrator to quickly integrate any type of script or tool and access it centrally from within the web GUI. This means auditors don’t lose their favorite tools; the system just makes them all work better together. As a result, GTTA will continue to grow and improve as new and better tools become available in the market. GTTA comes already packed with hundreds of common tools and scripts (Metasploit, Nmap, W3AF, etc.) integrated into the framework. Within a few mouse clicks you can add your own tool or script to GTTA and use it via one simple web GUI.
Challenge: Report creation
Most clients require custom reports, needing statistics, summaries, detailed solutions, etc. The standard vulnerability scanning reports do not offer the quality or customization level these clients require. These custom reports use custom templates, and documenting each test consumes quite a bit of time.
GTTA has both a predefined report template and a feature which allows the auditor to quickly and fully customize a report for each client. These templates are editable as either Word or Excel files. The database also offers the possibility to compare results with those from a previous test, as it also serves as a central depository for all reports. GTTA streamlines the reporting process, saving time and improving the consistency of the results.
Challenge: Providing accurate and timely sales proposals
There is often a fair amount of guesswork when it comes to calculating the time and cost for a specific project. This can lead to disappointed clients even when the test itself is performed accurately.
GTTA assists the salesperson in creating an accurate proposal and setting the correct expectations from the beginning. Used as a point of sale tool, it can calculate overall expected effort (and therefore cost to the client) by defining the number of targets and check categories up front.
Challenge: Vulnerability tracking
In most cases, once a report with the vulnerabilities is given to the client, the auditor's duties are finished. However, the client must then deal with the new project and the status of each individual employee responsible for each individual issue.
GTTA offers a tracking feature where each vulnerability can be assigned to a person with a target date for the fix. Additionally, a mail alert can be set up in the event that a particular vulnerability has not been marked as fixed within the given timeframe.
Challenge: Coordinating and Monitoring Security Audits
Bigger security providers need to coordinate multiple tests and auditors at the same time. Knowing the current progress on each project is essential for the planning of resources.
GTTA offers a feature where the project progress can be monitored by the client or the project manager: the moment a single check is finished, the project status page is updated. Additionally, resources can be allocated for each test module with a separate project management module.
See LICENSE file in the root repository directory.