Be Mean to Your Code

Be Mean to Your Code!

@wickettSr. DevOps EngineerMentor Graphics,Embedded SoftwareDivisionCISSP, GWAPT, CCSK,GSEC, GCFWjames@ruggeddevops.orgruggeddevops.org

I recognize that mycode will be used inways I cannotanticipate, in ways itwas not designed,and for longer than itwas ever intended.

Ruggedization TheoryBuilding solutions to handleadversity will causeunintended, positive beneﬁtsthat will provide value thatwould have been unrealizedotherwise.

"Secondly, our network got a lot stronger as a result of the LulzSec attacks."-Surviving Lulz: Behind the Scenes of LulzSec @SXSW 2012 by CloudFlare team

Security vs. Rugged• Absence of • Verification of Events quality• Cost • Benefit• Negative • Positive• FUD • Known values• Toxic • Affirming

“[RISK ASSESSMENT] INTRODUCES ADANGEROUS FALLACY: THATSTRUCTURED INADEQUACY ISALMOST AS GOOD AS ADEQUACYAND THAT UNDERFUNDEDSECURITY EFFORTS PLUS RISKMANAGEMENT ARE ABOUT ASGOOD AS PROPERLY FUNDEDSECURITY WORK” - MICHAL ZALEWSKI

RUGGED source: Jessica Allen, http://drbl.in/bgwy

REPEATABLE – NO MANUAL STEPSRELIABLE - NO DOS HEREREVIEWABLE – AKA AUDITRAPID – FAST TO BUILD, DEPLOY, RESTORERESILIENT – AUTOMATED RECONFIGURATIONREDUCED - LIMITED ATTACK SURFACE

Put your code through the Gauntlet custom attacks dirbuster metasploit sqlmap fuzzers nessus w3af nmap

Put your code through the Gauntlet custom attacks dirbuster metasploit sqlmap fuzzers nessus w3af nmap Your web app You

GAUNTLT ALLOWS DEV ANDOPS AND SECURITY TOCOMMUNICATE

feature for nmap: nmap.feature@runFeature: Run nmap against a target and pass the value of the hostname from the profile.xml.Background: Given nmap is installedScenario:Verify server is available on standard web ports Given the hostname in the profile.xml When I run nmap against the hostname in the profile on ports 80,443 Then the output should contain: """ 80/tcp open http 443/tcp open https """

feature for nmap: nmap.feature@run @webserverFeature: Run nmap against a target and pass the value of the hostname from theprofile.xml.Background: #optional Given nmap is installedScenario: Verify server is available on standard web ports Given the hostname in the profile.xml When I run nmap against the hostname in the profile on ports 80,443 Then the output should contain: """ 80/tcp open http 443/tcp open https """

step definition for nmap: nmap.rbGiven /^nmap is installed$/ do steps %{ When I run `which nmap` Then the output should contain: """ nmap """ }endWhen /Î run nmap against the hostname in the profile on ports (d+),(d+)$/ do |arg2, arg3| steps %{ When I run `nmap "#{@hostname}" -p80,443` }end...

running gauntlt with failing testswickett$ gauntlt@gauntlet @runFeature: Run nmap against a target and pass the value of the hostname from the profile.xml. Background: # features/nmap/nmap.feature:5 Given nmap is installed # features/step_definitions/nmap.rb:2 Scenario:Verify server is available on standard web ports # features/nmap/nmap.feature:8 Given the hostname in the profile.xml # features/step_definitions/profile.rb:1 When I run nmap against the hostname in the profile on ports 8080,443 # features/step_definitions/nmap.rb:12 Then the output should contain: # aruba-0.4.11/lib/aruba/cucumber.rb:98 """ 8080/tcp open http 443/tcp open https """...Failing Scenarios:cucumber features/nmap/nmap.feature:8 # Scenario:Verify server is available on standard web ports1 scenario (1 failed)4 steps (1 failed, 3 passed)0m0.341s

running gauntlt with passing testswickett$ gauntlt@gauntlet @runFeature: Run nmap against a target and pass the value of the hostname from the profile.xml. Background: # features/nmap/nmap.feature:5 Given nmap is installed # features/step_definitions/nmap.rb:2 Scenario:Verify server is available on standard web ports # features/nmap/nmap.feature:8 Given the hostname in the profile.xml # features/step_definitions/profile.rb:1 When I run nmap against the hostname in the profile on ports 80,443 # features/step_definitions/nmap.rb:12 Then the output should contain: # aruba-0.4.11/lib/aruba/cucumber.rb:98 """ 80/tcp open http 443/tcp open https """1 scenario (1 passed)4 steps (4 passed)0m1.117s

HTTPS://GITHUB.COM/THEGAUNTLET/GAUNTLT

gauntlt team: James Wickett Mani Tadayon Roy Rapoport Jason Chan Matt Tesauro Tarek Moussa Jeremiah Shirk Luis De Leon Dan Cornell Scott Muc

Join Us• github > http://bit.ly/gauntlt_repo• google group > http://bit.ly/gauntlt_group• twitter: @gauntlt

http://blog.wickett.me	218
https://si0.twimg.com	2
http://safe.tumblr.com	2
https://twimg0-a.akamaihd.net	1

Be Mean to Your Code

by James Wickett on Jul 31, 2012

Accessibility

Categories

Upload Details

Usage Rights

4 Embeds 223

Statistics

Be Mean to Your Code Presentation Transcript