Introduction
SensePost is an independent and objective organisation specialising in
information security consultation and assessment services. For all our
assessment we apply strict methodologies. This is especially true for Internet
Security Assessments, where our methodology has been developed and tuned over
many years. One of the challenges that analysts at SensePost faced when engaging
in assessments with enterprise-sized clients was applying this tried and tested methodology in an efficient and timely fashion. The requirement was to automate as much of the mundane processes in this methodology as possible whilst maintaining a high level of accuracy.
BiDiBLAH was developed by SensePost to specifically relieve our analysts from
performing repetitive processes, thus increasing efficiency, improving accuracy and allowing them to concentrate on the areas of the assessment that require manual attention. It also means that important aspects of the methodology are contained and standardised in one entity, the tool. This in turn means that you eliminate the potential risk of data loss and ensure all assessments are conducted against the same accepted standard.
What is BiDiBLAH ?
To understand what BiDiBLAH is, you need to understand who SensePost is and
where we come from. SensePost was started in 2000 with the focus of doing security assessments (although we later expanded our services to include training, consulting and Automated Management Services). We've believed since the beginning that our assessments should always go the extra mile and that we should find a way to compromise the target no matter how much effort it takes. A lot of our assessments were done over the Internet and without any prior knowledge of where the networks live, or what architecture is in use.
Soon we started to work with large international companies and organizations where finding every single Internet Access Point and exposed Internet Service became a big part of our assessment. Our customers realized that it was not only the complex vulnerability on a single host that bit them, but more often the single unsecured host somewhere on their vast perimeter that allowed attackers to breech the network. Thus, footprinting became such a big component of our services that we were often asked to perform projects that only entailed performing a footprint.
During the same time we honed our methodology for external assessments and of course refined technology to automate as much of this work for us. At about the same time SensePost started to see application level problems rearing its ugly head - performing web application and thick application
assessments became a big part of SensePost's business (But this is another
story altogether).
Near the end of 2004 our external methodology was well established and we started putting many of the concepts into code. The result of all this is BiDiBLAH, and today we use BiDiBLAH in some way on almost all our assessments. As we've refined our methodologies and techniques, so we update BiDiBLAH, adding new features and functionality on a continuous basis.
The evaluation of BiDiBLAH is limited to a 20 minute run time, and saving of
data has been disabled. There are two models available for the full version - a month by month subscription which cost
$200 and a year subscription that costs $2000. If you purchase the year
subscription you will receive all minor updates free of charge.
To purchase a month
subscription click
here. To purchase the year subscription version click
here.
BiDiBLAH is not limited to certain IP ranges, domains or hosts.
