Be Mean to your Code with Gauntlt #txlf 2013

Talk presented at Texas Linux Fest 2013 (#txlf) in Austin, TX.

Be Mean to your Code with Gauntlt #txlf 2013 Presentation Transcript

  • 1. Be Mean to Your Code with Gauntlt. @gauntlt, gauntlt.org
  • 2. @wickett: College Startup, Web Systems Engineer; Media Startup, Web Ops Lead; DevOps
  • 3. the devops life is great
  • 4. I want you to join the devops movement
  • 5. I want you to join the gauntlt project
  • 6. how do you join?
  • 7. great question, but first
  • 8. a brief history of infosec
  • 9. 1337 tools
  • 10. the worms and viruses didn’t stop
  • 11. we faced skilled adversaries
  • 12. we couldn’t win
  • 13. Instead of Engineering, InfoSec became Actuaries
  • 14. “[Risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work”
  • 15. there were other movements
  • 16. devs became cool
  • 17. devs became cool: agile
  • 18. the biz sells time now
  • 19. dev and ops now play nice
  • 20. http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
  • 21. http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
  • 22. culture, automation, measurement, sharing (credit to John Willis and Damon Edwards)
  • 23. infosec hasn’t kept pace
  • 24. Your punch is soft, just like your heart
  • 25. “Is this Secure?” -Your Customer
  • 26. “It’s Certified” -You
  • 27. there’s a better way
  • 28. 6 R’s of Rugged DevOps
  • 29. http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
  • 30. how does one join rugged devops?
  • 31. enter gauntlt
  • 32. gauntlt credits: Creators: Mani Tadayon, James Wickett; Community Wrangler: Jeremiah Shirk; Friends: Jason Chan (Netflix), Neil Matatall (Twitter)
  • 33. security tools are confusing
  • 34. mapping, discovery, exploitation
  • 35. security tests on every change
  • 36. wisdom from a video game
  • 37. always listen to Doc
  • 38. Find the weakness of your enemy
  • 39. Codify your knowledge (cheat sheets)
  • 40. sometimes, you face the same enemies again
  • 41. gauntlt is like this
  • 42. fuzz, find, inject
  • 43. (diagram) sqlmap, sslyze, dirb, curl, generic, nmap; your app; gauntlt; exit status: 0
  • 44. Gauntlt helps dev and ops and security to communicate
  • 45. gauntlt harmonizes our languages
  • 46. Conway’s Law: Any organization that designs a system ... will inevitably produce a design whose structure is a copy of the organization’s communication structure. Melvin E. Conway, 1968
  • 47. Behavior Driven Development: BDD is a second-generation, outside-in, pull-based, multiple-stakeholder, multiple-scale, high-automation, agile methodology. It describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters. Dan North, 2009
  • 48. we have to start somewhere
  • 49. install gauntlt:
        $ gem install gauntlt
  • 50. gauntlt design: Simple; Extensible; UNIX™: stdin, stdout, exit status; Minimum features yield maximum utility
  • 51. $ gauntlt --list
        Defined attacks:
        curl
        dirb
        garmr
        generic
        nmap
        sqlmap
        sslyze
  • 52. Attack File: Plain Text File; Gherkin syntax: Given, When, Then
  • 53. Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should contain:
              """
              80/tcp open http
              """
          Scenario: Verify that there are no unexpected ports open
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should not contain:
              """
              25/tcp
              """
        (slide annotations: Given, When, Then, When, Then)
  • 54. running gauntlt with failing tests
        $ gauntlt
        Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F www.example.com
              """
            Then the output should contain:
              """
              443/tcp open https
              """
        1 scenario (1 failed)
        5 steps (1 failed, 4 passed)
        0m18.341s
  • 55. running gauntlt with passing tests
        $ gauntlt
        Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F www.example.com
              """
            Then the output should contain:
              """
              443/tcp open https
              """
        1 scenario (1 passed)
        4 steps (4 passed)
        0m18.341s
  • 56. $ gauntlt --steps
        /^"(\w+)" is installed in my path$/
        /^"curl" is installed$/
        /^"dirb" is installed$/
        /^"garmr" is installed$/
        /^"nmap" is installed$/
        /^"sqlmap" is installed$/
        /^"sslyze" is installed$/
        /^I launch a "curl" attack with:$/
        /^I launch a "dirb" attack with:$/
        /^I launch a "garmr" attack with:$/
        /^I launch a "generic" attack with:$/
        /^I launch an "nmap" attack with:$/
        /^I launch an "sslyze" attack with:$/
        /^I launch an? "sqlmap" attack with:$/
        /^the "(.*?)" command line binary is installed$/
        /^the file "(.*?)" should contain XML:$/
        /^the file "(.*?)" should not contain XML:$/
        /^the following cookies should be received:$/
        /^the following profile:$/
  • 57. $ gauntlt --steps
        /^"(\w+)" is installed in my path$/
        /^"sqlmap" is installed$/
        /^I launch a "generic" attack with:$/
        /^I launch an? "sqlmap" attack with:$/
  • 58. Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should contain:
              """
              80/tcp open http
              """
          Scenario: Verify that there are no unexpected ports open
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should not contain:
              """
              25/tcp
              """
        (slide annotations: setup steps; verify toolset; config)
  • 59. Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should contain:
              """
              80/tcp open http
              """
          Scenario: Verify that there are no unexpected ports open
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should not contain:
              """
              25/tcp
              """
        (slide annotations: attack; get config)
  • 60. Feature: nmap attacks for example.com
          Background:
            Given "nmap" is installed
            And the following profile:
              | name     | value       |
              | hostname | example.com |
          Scenario: Verify server is open on expected ports
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should contain:
              """
              80/tcp open http
              """
          Scenario: Verify that there are no unexpected ports open
            When I launch an "nmap" attack with:
              """
              nmap -F <hostname>
              """
            Then the output should not contain:
              """
              25/tcp
              """
        (slide annotations: assert; needle; haystack)
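The three annotated slides above describe the lifecycle of an attack file: verify the toolset, read the profile config, launch the attack, and assert a needle against the output haystack, all rolled up into one exit status. The following Ruby runner is an added example that models that lifecycle; it is not gauntlt's own code. The nmap scan is replaced by a constructed printf command that emits a canned nmap-style report, so it runs offline with no scanner installed; the Attack struct, helper names and the sample profile are assumptions made for the example.

```ruby
require 'open3'

# One scenario: the tool it needs, a command template with <placeholders>,
# and the needles that should / should not appear in the output haystack.
Attack = Struct.new(:name, :tool, :command, :should_contain, :should_not_contain,
                    keyword_init: true)

# 'Given "<tool>" is installed': the binary must be an executable file on PATH.
def tool_installed?(tool)
  ENV.fetch('PATH', '').split(File::PATH_SEPARATOR).any? do |dir|
    path = File.join(dir, tool)
    File.file?(path) && File.executable?(path)
  end
end

# 'And the following profile': substitute every <name> token from the profile
# table into the command; an unknown token is a config error, not an attack failure.
def expand_profile(command, profile)
  command.gsub(/<(\w+)>/) do
    key = Regexp.last_match(1)
    profile.fetch(key) { raise KeyError, "profile has no value for <#{key}>" }
  end
end

# 'When I launch an attack': run the command and capture the haystack plus exit status.
def launch(command)
  out, err, status = Open3.capture3(command)
  { haystack: out + err, exit_status: status.exitstatus }
end

# 'Then the output should [not] contain': needle-in-haystack checks, one
# failure message per needle that violates its expectation.
def assert_output(haystack, should_contain, should_not_contain)
  failures = []
  should_contain.each do |needle|
    failures << "expected output to contain #{needle.inspect}" unless haystack.include?(needle)
  end
  should_not_contain.each do |needle|
    failures << "expected output not to contain #{needle.inspect}" if haystack.include?(needle)
  end
  failures
end

# Run one attack end to end. A missing tool fails the scenario instead of raising,
# so a toolset problem is reported the same way as a failed assertion.
def run_attack(attack, profile)
  unless tool_installed?(attack.tool)
    return { name: attack.name, passed: false, failures: ["\"#{attack.tool}\" is not installed"] }
  end
  result = launch(expand_profile(attack.command, profile))
  failures = assert_output(result[:haystack], attack.should_contain, attack.should_not_contain)
  { name: attack.name, passed: failures.empty?, failures: failures }
end

# Exit status 0 only when every scenario passed; anything else is 1, so a CI job
# can gate on it the way the slides show ("gauntlt -> exit status: 0").
def run_suite(attacks, profile)
  results = attacks.map { |attack| run_attack(attack, profile) }
  { results: results, exit_status: results.all? { |r| r[:passed] } ? 0 : 1 }
end

# Constructed stand-in for the scanner output: printf is a shell builtin, so the
# tool verified here is sh (Open3 runs the command line through /bin/sh).
CANNED_SCAN = 'Nmap scan report for <hostname>\n80/tcp open http\n443/tcp open https\n'
SAMPLE_PROFILE = { 'hostname' => 'example.com' }   # constructed profile table
SAMPLE_ATTACKS = [
  Attack.new(name: 'Verify server is open on expected ports', tool: 'sh',
             command: "printf \"#{CANNED_SCAN}\"",
             should_contain: ['80/tcp open http'], should_not_contain: []),
  Attack.new(name: 'Verify that there are no unexpected ports open', tool: 'sh',
             command: "printf \"#{CANNED_SCAN}\"",
             should_contain: [], should_not_contain: ['25/tcp'])
]

if __FILE__ == $PROGRAM_NAME
  suite = run_suite(SAMPLE_ATTACKS, SAMPLE_PROFILE)
  suite[:results].each do |r|
    puts "#{r[:passed] ? 'PASS' : 'FAIL'} #{r[:name]} #{r[:failures].join('; ')}".rstrip
  end
  puts "exit status: #{suite[:exit_status]}"
end
```

To use this as a real gate, a script would end with `exit(run_suite(...)[:exit_status])`; the example only prints the status so it can also be loaded as a library. Swapping the printf stand-in for `nmap -F <hostname>` and the tool name for `nmap` gives the same flow as the slides, with the profile table supplying the hostname.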
  • 61. Supported Tools: curl, nmap, sqlmap, sslyze, Garmr, dirb, generic
  • 62. Netflix Use Case: Real World Cloud Application Security, Jason Chan, https://vimeo.com/54157394
  • 63. Check your ssl certs
  • 64. cookie tampering
  • 65. curl hacking
  • 66. Look for common apache misconfigurations
  • 67. @slow
        Feature: Run dirb scan on a URL
          Scenario: Run a dirb scan looking for common vulnerabilities in apache
            Given "dirb" is installed
            And the following profile:
              | name     | value              |
              | hostname | http://example.com |
              | wordlist | vulns/apache.txt   |
            When I launch a "dirb" attack with:
              """
              dirb <hostname> <dirb_wordlists_path>/<wordlist>
              """
            Then the output should contain:
              """
              FOUND: 0
              """
        (list shown on the slide: .htaccess, .htpasswd, .meta, .web, access_log, cgi, cgi-bin, cgi-pub, cgi-script, dummy, error, error_log, htdocs, httpd, httpd.pid, icons, server-info, server-status, logs, manual, printenv, test-cgi, tmp, ~bin, ~ftp, ~nobody, ~root)
  • 68. I have my weakness. But I won’t tell you! Ha Ha Ha!
  • 69. Test for SQL Injection
  • 70. @slow @announce
        Feature: Run sqlmap against a target
          Scenario: Identify SQL injection vulnerabilities
            Given "sqlmap" is installed
            And the following profile:
              | name       | value                  |
              | target_url | http://example.com?x=1 |
            When I launch a "sqlmap" attack with:
              """
              python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
              """
  • 71. my_first.attack: See ‘GET STARTED’ on the project repo. Start here > https://github.com/gauntlt/gauntlt/tree/master/examples. Find examples for the attacks. Add your config (hostname, login url, user). Repeat.
  • 72. Starter Kit on GitHub. The starter kit is on GitHub: github.com/gauntlt/gauntlt-starter-kit. Or, download a copy from: www.gauntlt.org/
  • 73. Contribute to gauntlt: See ‘FOR DEVELOPERS’ in the README. Get started in 7 steps.
  • 74. If you get stuck: Check the README; IRC Channel: #gauntlt on freenode; @gauntlt on twitter; Mailing List (https://groups.google.com/forum/#!forum/gauntlt); Office hours with weekly google hangout
  • 75. @gauntlt future plans
  • 76. culture, automation, measurement, sharing (credit to John Willis and Damon Edwards)
  • 77. Next Features: More output parsers; More attack adapters; JRuby & Java Support; Front end UI / web reports
  • 78. Add feature requests here: https://github.com/gauntlt/gauntlt/issues
  • 79. get started with gauntlt: github/gauntlt; gauntlt.org; videos; tutorials; @gauntlt; IRC #gauntlt (callouts: we help!; start here; cool vids!)
  • 80. @wickett, james@gauntlt.org. Be Mean to Your Code!
  • 81. @wickett, james@gauntlt.org. Be Mean to Your Code!