Your SlideShare is downloading. ×
Gauntlt: Go Ahead, Be Mean to your Code
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Gauntlt: Go Ahead, Be Mean to your Code

746
views

Published on

5 Minute Talk at Austin Cloud User Group on gauntlt. …

5 Minute Talk at Austin Cloud User Group on gauntlt.

See http://gauntlt.org

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
746
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Gauntlt: Go Ahead, Be Mean to Your CodeTuesday, December 18, 12
  • 2. Would you vote for this talk as the best if...? A. If its funny B. If it useful to my job C. Dude, I know you want to win the iPad, you are down to 4 min and 37 seconds, stop surveying and start talking!Tuesday, December 18, 12
  • 3. @wickett Sr. DevOps Engineer Mentor Graphics, Embedded Software Division CISSP, GWAPT, CCSK, GSEC, GCFW james@gauntlt.org gauntlt.orgTuesday, December 18, 12
  • 4. A BRIEF HISTORY OF INFOSECTuesday, December 18, 12
  • 5. WE HAD CINEMATuesday, December 18, 12
  • 6. WE MADE FREE PHONE CALLSTuesday, December 18, 12
  • 7. WE WERE COOLTuesday, December 18, 12
  • 8. WE COULDN’T STOP THE VIRUSES AND WORMSTuesday, December 18, 12
  • 9. INSTEAD OF ENGINEERING INFOSEC BECAME ACTUARIESTuesday, December 18, 12
  • 10. “[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK” - MICHAL ZALEWSKITuesday, December 18, 12
  • 11. “IS THIS SECURE?” -YOUR CUSTOMERTuesday, December 18, 12
  • 12. “ITS CERTIFIED”- YOUTuesday, December 18, 12
  • 13. Tuesday, December 18, 12
  • 14. NO PAIN, NO GAINTuesday, December 18, 12
  • 15. Put your code through the GauntletTuesday, December 18, 12
  • 16. Put your code through the Gauntlet Your web app YouTuesday, December 18, 12
  • 17. Put your code through the Gauntlet generic w3af garmr sqlmap fuzzers curl sslyze nmap Your web app YouTuesday, December 18, 12
  • 18. GAUNTLT ALLOWS DEV AND OPS AND SECURITY TO COMMUNICATETuesday, December 18, 12
  • 19. install gauntlt $ gem install gauntlt # download example attacks from github # customize the example attacks # now you can run gauntlt $ gauntlt # gauntlt looks for *.attack in its # directory Examples > https://github.com/thegauntlet/gauntlt/tree/master/examplesTuesday, December 18, 12
  • 20. @slow nmap.attack Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should contain: """ 80/tcp open https """ Scenario: Verify that there are no unexpected ports open When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should not contain: """ 25/tcp """Tuesday, December 18, 12
  • 21. running gauntlt with failing tests wickett$ gauntlt @slow Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 failed) 5 steps (1 failed, 4 passed) 0m18.341sTuesday, December 18, 12
  • 22. running gauntlt with passing tests wickett$ gauntlt @slow Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | | tcp_ping_ports | 22,25,80,443 | Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F www.example.com """ Then the output should contain: """ 443/tcp open https """ 1 scenario (1 passed) 5 steps (5 passed) 0m18.341sTuesday, December 18, 12
  • 23. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 24. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 25. Feature: Run sqlmap against a target verify Scenario: Identify SQL injection vulnerabilities tool Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 26. Feature: Run sqlmap against a target verify Scenario: Identify SQL injection vulnerabilities tool Given "sqlmap" is installed setup steps And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: set """ config python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 27. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 28. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 29. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ env Then the output should contain: param """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 30. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ attack! python <sqlmap_path> -u <target_url> """ env Then the output should contain: get param config """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 31. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ sqlmap identified the following injection points """Tuesday, December 18, 12
  • 32. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ assert sqlmap identified the following injection points """Tuesday, December 18, 12
  • 33. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ Then the output should contain: """ assert sqlmap identified the following injection points """ needleTuesday, December 18, 12
  • 34. Feature: Run sqlmap against a target Scenario: Identify SQL injection vulnerabilities Given "sqlmap" is installed And the target URL is "http://localhost?id=1" When I launch a "sqlmap" attack with: """ python <sqlmap_path> -u <target_url> """ haystack Then the output should contain: """ assert sqlmap identified the following injection points """ needleTuesday, December 18, 12
  • 35. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  • 36. Given /^"sqlmap" is installed$/ do step definition ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  • 37. Given /^"sqlmap" is installed$/ do step definition ensure_python_script_installed(sqlmap) ruby end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  • 38. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  • 39. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") step definition command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command endTuesday, December 18, 12
  • 40. Given /^"sqlmap" is installed$/ do ensure_python_script_installed(sqlmap) end When /^I launch an? "sqlmap" attack with:$/ do |command| sqlmap_path = path_to_python_script("sqlmap") step definition command.gsub!(<target_url>, target_url) command.gsub!(<sqlmap_path>, sqlmap_path) run command end executeTuesday, December 18, 12
  • 41. Supported Tools • curl • nmap • sslyze • sqlmap • Garmr • generic command lineTuesday, December 18, 12
  • 42. Try it yourself at http://gauntlt.org/ with the new gauntlt video tutorial!Tuesday, December 18, 12