Be Mean to Your Code
Be Mean to Your Code - The gauntlt project was created to help you do just that!

  1. Be Mean to Your Code!
  2. @wickett, Sr. DevOps Engineer, Mentor Graphics, Embedded Software Division. CISSP, GWAPT, CCSK, GSEC, GCFW. james@ruggeddevops.org, ruggeddevops.org
  3. I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
  4. Ruggedization Theory: Building solutions to handle adversity will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
  5. "Secondly, our network got a lot stronger as a result of the LulzSec attacks." - Surviving Lulz: Behind the Scenes of LulzSec @SXSW 2012 by CloudFlare team
  6. Security vs. Rugged
     • Absence of events vs. verification of quality
     • Cost vs. benefit
     • Negative vs. positive
     • FUD vs. known values
     • Toxic vs. affirming
  7. "[Risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work" - Michal Zalewski
  8. Rugged (image source: Jessica Allen, http://drbl.in/bgwy)
  9. Repeatable – no manual steps
     Reliable – no DoS here
     Reviewable – aka audit
     Rapid – fast to build, deploy, restore
     Resilient – automated reconfiguration
     Reduced – limited attack surface
  10. Put your code through the Gauntlet (diagram of the tools: custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap)
  11. Put your code through the Gauntlet (same diagram, with "Your web app" and "You" added to the tools: custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, nmap)
  12. Gauntlt allows dev and ops and security to communicate.
  13. feature for nmap: nmap.feature

      @run
      Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      Background:
        Given nmap is installed

      Scenario: Verify server is available on standard web ports
        Given the hostname in the profile.xml
        When I run nmap against the hostname in the profile on ports 80,443
        Then the output should contain:
        """
        80/tcp open http
        443/tcp open https
        """

  14. feature for nmap: nmap.feature (tagged so it can be selected as part of the webserver checks)

      @run @webserver
      Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      # optional
      Background:
        Given nmap is installed

      Scenario: Verify server is available on standard web ports
        Given the hostname in the profile.xml
        When I run nmap against the hostname in the profile on ports 80,443
        Then the output should contain:
        """
        80/tcp open http
        443/tcp open https
        """

  15. step definition for nmap: nmap.rb

      # Background step: the feature is only meaningful if nmap is on the PATH.
      Given /^nmap is installed$/ do
        steps %{
          When I run `which nmap`
          Then the output should contain:
          """
          nmap
          """
        }
      end

      # @hostname is set by the profile.xml step in profile.rb; the two port
      # numbers are captured from the step text and passed to nmap's -p flag
      # rather than hard-coded, so the same step works for any two ports.
      When /^I run nmap against the hostname in the profile on ports (\d+),(\d+)$/ do |arg2, arg3|
        steps %{
          When I run `nmap "#{@hostname}" -p#{arg2},#{arg3}`
        }
      end
      ...
  16. running gauntlt with failing tests

      wickett$ gauntlt
      @gauntlet @run
      Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

        Background:                                                          # features/nmap/nmap.feature:5
          Given nmap is installed                                            # features/step_definitions/nmap.rb:2

        Scenario: Verify server is available on standard web ports           # features/nmap/nmap.feature:8
          Given the hostname in the profile.xml                              # features/step_definitions/profile.rb:1
          When I run nmap against the hostname in the profile on ports 8080,443 # features/step_definitions/nmap.rb:12
          Then the output should contain:                                    # aruba-0.4.11/lib/aruba/cucumber.rb:98
            """
            8080/tcp open http
            443/tcp open https
            """
      ...
      Failing Scenarios:
      cucumber features/nmap/nmap.feature:8 # Scenario: Verify server is available on standard web ports

      1 scenario (1 failed)
      4 steps (1 failed, 3 passed)
      0m0.341s

  17. running gauntlt with passing tests

      wickett$ gauntlt
      @gauntlet @run
      Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

        Background:                                                          # features/nmap/nmap.feature:5
          Given nmap is installed                                            # features/step_definitions/nmap.rb:2

        Scenario: Verify server is available on standard web ports           # features/nmap/nmap.feature:8
          Given the hostname in the profile.xml                              # features/step_definitions/profile.rb:1
          When I run nmap against the hostname in the profile on ports 80,443 # features/step_definitions/nmap.rb:12
          Then the output should contain:                                    # aruba-0.4.11/lib/aruba/cucumber.rb:98
            """
            80/tcp open http
            443/tcp open https
            """

      1 scenario (1 passed)
      4 steps (4 passed)
      0m1.117s
  18. 18. HTTPS://GITHUB.COM/THEGAUNTLET/GAUNTLT
  19. gauntlt team: James Wickett, Mani Tadayon, Roy Rapoport, Jason Chan, Matt Tesauro, Tarek Moussa, Jeremiah Shirk, Luis De Leon, Dan Cornell, Scott Muc
  20. Join Us
      • github > http://bit.ly/gauntlt_repo
      • google group > http://bit.ly/gauntlt_group
      • twitter: @gauntlt
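As an added example (not code from these slides or from the gauntlt project), here is a Ruby helper in the spirit of slides 13 through 17 that goes one step past "the output should contain": it parses nmap's normal output and checks that only the allowed TCP ports are open, which turns the "Reduced – limited attack surface" property of slide 9 into a test that fails when an extra listener appears. The sample scan is constructed, and the `all_output` helper named in the comment is assumed to be aruba's.

```ruby
# Added example, not from the gauntlt project: parse nmap's normal output and
# check that ONLY the allowed ports are open, so an extra listener (a forgotten
# admin port, say) fails the scenario instead of slipping past a substring match.

# Matches nmap "normal" output lines such as "80/tcp open http".
NMAP_PORT_LINE = %r{^(\d+)/(tcp|udp)\s+(\S+)\s+(\S*)}

# Returns { [port, proto] => { state:, service: } } for every port line found;
# header and host lines that do not look like a port entry are skipped.
def parse_nmap_ports(output)
  output.each_line.with_object({}) do |line, ports|
    m = NMAP_PORT_LINE.match(line.strip) or next
    ports[[m[1].to_i, m[2]]] = { state: m[3], service: m[4] }
  end
end

# Compares the scan against an allow-list of TCP ports and returns
# { missing: [...], unexpected: [...] }. Both empty means the host exposes
# exactly the reduced surface the feature expects.
def surface_check(output, allowed_tcp_ports)
  open_tcp = parse_nmap_ports(output)
             .select { |(_, proto), info| proto == "tcp" && info[:state] == "open" }
             .map { |(port, _), _| port }
  { missing: allowed_tcp_ports - open_tcp, unexpected: open_tcp - allowed_tcp_ports }
end

# Constructed sample in the shape nmap prints, for a host that also has an
# unexpected listener on 8080 (not real scan data).
SAMPLE_SCAN = <<~NMAP
  PORT     STATE  SERVICE
  22/tcp   closed ssh
  80/tcp   open   http
  443/tcp  open   https
  8080/tcp open   http-proxy
NMAP

# In a gauntlt step definition this could back a step such as (assumes aruba's
# `all_output` helper holds the output of the last command run):
#   Then /^only tcp ports (.+) should be open$/ do |list|
#     r = surface_check(all_output, list.split(",").map(&:to_i))
#     raise "unexpected open ports: #{r[:unexpected]}" unless r[:unexpected].empty?
#     raise "expected ports not open: #{r[:missing]}" unless r[:missing].empty?
#   end

if $PROGRAM_NAME == __FILE__
  r = surface_check(SAMPLE_SCAN, [80, 443])
  puts "missing: #{r[:missing].inspect}, unexpected: #{r[:unexpected].inspect}"
end
```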
