Be Mean to Your Code - DevOps Days Austin 2013
presented at DevOps Days Austin 2013
Slide transcript

1. Be Mean to Your Code with Gauntlt
2. free phone calls
3. 1337 tools
4. "[Risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work" - Michal Zalewski
5. "Is this secure?" - Your customer. "It's certified" - You.
6. there's a better way
7. Put your code through the Gauntlet (diagram: your app -> sslyze, dirb, nmap, curl, sqlmap, Garmr, generic -> you)
8. security tools are confusing
9. Gauntlt allows dev and ops and security to communicate
10. install gauntlt:

   $ gem install gauntlt

11. An nmap attack file, with its Given / When / Then steps:

```gherkin
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name           | value        |
      | hostname       | example.com  |
      | tcp_ping_ports | 22,25,80,443 |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open https
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
```

12. running gauntlt with failing tests: `$ gauntlt` runs the feature above (on this slide the attack is `nmap -F www.example.com` and the expected needle is `443/tcp open https`) and reports:

   1 scenario (1 failed)
   5 steps (1 failed, 4 passed)
   0m18.341s

13. running gauntlt with passing tests: the same run reports:

   1 scenario (1 passed)
   5 steps (5 passed)
   0m18.341s

14. setup steps (the same attack file, annotated): the Background is the setup; `Given "nmap" is installed` verifies the toolset, and the profile table holds the config.
15. attack: the `When I launch an "nmap" attack with:` step runs the tool; `<hostname>` gets its value from the profile (get config).
16. assert: the `Then the output should contain:` / `should not contain:` step is the assertion; the quoted string is the needle and the tool's output is the haystack.
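The two scenarios on slides 11 to 16 (expected ports must be open, nothing else may be), written as a plain Ruby check so the attack / needle / haystack pattern can be read without gauntlt installed. This is an added example, not code from the slides or the gauntlt project; the nmap output is constructed, and it parses the port table instead of matching a literal needle, which avoids spurious failures from nmap's column padding.

```ruby
require 'set'

# Constructed sample of `nmap -F` normal output (not a real scan; the
# hostname, address and version string are placeholders).
SAMPLE_NMAP_OUTPUT = <<~OUT
  Starting Nmap 7.x ( https://nmap.org )
  Nmap scan report for example.com (192.0.2.10)
  Host is up (0.012s latency).
  Not shown: 97 filtered tcp ports (no-response)
  PORT    STATE SERVICE
  22/tcp  open  ssh
  80/tcp  open  http
  443/tcp open  https

  Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds
OUT

# Parse port-table rows such as "22/tcp  open  ssh" into { port => details };
# header, banner and summary lines do not match and are skipped.
def parse_ports(output)
  output.each_line.with_object({}) do |line, ports|
    m = line.match(%r{^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)})
    next unless m
    ports[m[1].to_i] = { proto: m[2], state: m[3], service: m[4] }
  end
end

def open_ports(output)
  parse_ports(output).select { |_, v| v[:state] == 'open' }.keys.to_set
end

# Scenario 1 ("server is open on expected ports"): expected ports that are not open.
def missing_expected(output, expected)
  expected.to_set - open_ports(output)
end

# Scenario 2 ("no unexpected ports open"): open ports outside the allow-list.
def unexpected_open(output, allowed)
  open_ports(output) - allowed.to_set
end

# Feature verdict in gauntlt's spirit: pass only if both scenarios pass, and
# report which needle was missing or unexpectedly present.
def verdict(output, expected:, allowed:)
  missing = missing_expected(output, expected)
  extra   = unexpected_open(output, allowed)
  { passed: missing.empty? && extra.empty?,
    missing: missing.to_a.sort, unexpected: extra.to_a.sort }
end
```

Feeding the real `nmap -F <hostname>` stdout into `verdict` with the profile's allow-list gives the same pass/fail signal as the attack file, plus the offending port numbers.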
17. Supported tools: curl, nmap, sslyze, Garmr, dirb, generic
18. get started with gauntlt: github/gauntlt (start here), gauntlt.org, videos and tutorials (cool vids!), @gauntlt, IRC #gauntlt (we help!)
19. be mean to your code and win! slideshare.com/wickett