Rugged Software Using Rugged Driven Development

Security testing is often done at the cadence of auditors and not at the pace of the development team, which hurts delivery time in agile teams. Rugged Driven Development (RDD) applies security and other stress-testing methodologies during the development process so that the end product is software that is secure, reliable and resilient.

Using the Gauntlt open source framework to implement RDD, you will find it fun to live by the Gauntlt motto, “be mean to your code.” You will be equipped to deliver and release ruggedized software faster and to bridge the communication gaps that exist between dev, ops and security teams. This talk will help you implement RDD in your projects with plenty of real-world examples.

At the end of the workshop, you should:

• Be Rugged Driven Dev savvy and ready to ruggedize your next project with some new practices and tooling
• Know how to use gauntlt and the security tools it hooks into
• Take some of the pre-built gauntlt attacks and modify them to your own project
• Write your own gauntlt attacks and put them in practice

Transcript of "Rugged Software Using Rugged Driven Development"

1. RUGGED SOFTWARE USING RUGGED DRIVEN DEVELOPMENT @wickett // @iteration1 // @mattjay
2. $ wget http://bit.ly/rugged-sxsw-box AND ! Install Virtual Box and Vagrant
3. BE RUGGED AND BE MEAN TO YOUR CODE #RUGGED #SXSW + #BEMEAN Use this one to troll SXSW Official tag
4. THEORY APPLIED 63% HANDS ON LABS!
5. WORKSHOP PLEDGE
6. I will not attempt to access my neighbor’s computer ! I will not hack the wifi ! I will be friendly to those around me You/Me
7. ONE 5-MINUTE BREAK
8. HANDS-ON LABS 8 Mini Labs lasting 5 to 15 minutes each Let us know if you are having a problem, and we will help We will also be around after the class to help as well
9. VIRTUAL BOX AND VAGRANT
10. TIPS FOR THE LABS Open the labs folder in your browser to follow along to benefit from markdown display Run all commands from the ~/gauntlt-demo
11. LOOKING FOR THE 5’S
12. WHY ARE YOU HERE?
13. OUR GOAL: EQUIP YOU WITH THE THEORY, EXAMPLES AND TOOLING SO THAT YOU CAN BEGIN YOUR RUGGED JOURNEY
14. WHO ARE WE?
15. JAMES WICKETT Austin, TX Sr. DevOps Engr, Mentor Graphics Gauntlt Core Team DevOps Days Austin Organizer Velocity, LASCON, ISC2, AppSecUSA, B-Sides, …
16. MATT JOHANSEN Houston, TX Sr. Manager, TRC WhiteHat Security BlackHat, DEFCON, RSA, more++ Wannabe Dev (node.js, angularjs) I’m hiring
17. KARTHIK GAEKWAD Austin, TX Sr. Software Engr, Mentor Graphics DevOps Days Austin Organizer Agile, LASCON, DevOps Days, AppSecUSA, …
18. WHY DOES THIS MATTER?
19. SNOWDEN, NSA, NATION-STATE ACTORS, …
20. PEOPLE MATTER
21. PEOPLE MATTER
22. THE BROKEN WINDOW FALLACY & THE PRISONER’S DILEMMA
23. BREACHES CAUSE CYNICISM, DISTRUST AND LOSS
24. SOFTWARE HAS CHANGED
25. SOFTWARE AS A SERVICE
26. SOFTWARE AS BRICOLAGE
27. BOLT ON FEATURE APPROACH
28. FRAGILE CODE AS A SERVICE
29. DEPLOY TIMELINES HAVE CHANGED
30. DEV AND OPS HAVE TEAMED UP IN THIS NEW WORLD
31. CONTINUOUS DELIVERY IS A THING
32. http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
33. DEVOPS IS 5 YEARS OLD NOW
34. SECURITY IS STUCK IN 1997 … MOSTLY
35. WHY IS THAT?
36. COMPLIANCE DRIVEN CULTURE: PCI, SOX, …
37. RATIO PROBLEM DEVS / OPS / SECURITY 100 / 10 / 1
38. SECURITY TOOLS ARE CONFUSING
39. BUT, THERE IS HOPE
40. https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
41. http://www.youtube.com/watch?v=jQblKuMuS0Y
42. THE RUGGED MANIFESTO
43. I AM RUGGED AND, MORE IMPORTANTLY, MY CODE IS RUGGED. ! I RECOGNIZE THAT SOFTWARE HAS BECOME A FOUNDATION OF OUR MODERN WORLD. ! I RECOGNIZE THE AWESOME RESPONSIBILITY THAT COMES WITH THIS FOUNDATIONAL ROLE.
44. I RECOGNIZE THAT MY CODE WILL BE USED IN WAYS I CANNOT ANTICIPATE, IN WAYS IT WAS NOT DESIGNED, AND FOR LONGER THAN IT WAS EVER INTENDED. ! I RECOGNIZE THAT MY CODE WILL BE ATTACKED BY TALENTED AND PERSISTENT ADVERSARIES WHO THREATEN OUR PHYSICAL, ECONOMIC AND NATIONAL SECURITY.
45. I RECOGNIZE THESE THINGS – AND I CHOOSE TO BE RUGGED. ! I AM RUGGED BECAUSE I REFUSE TO BE A SOURCE OF VULNERABILITY OR WEAKNESS. ! I AM RUGGED BECAUSE I ASSURE MY CODE WILL SUPPORT ITS MISSION.
46. I AM RUGGED BECAUSE MY CODE CAN FACE THESE CHALLENGES AND PERSIST IN SPITE OF THEM. ! I AM RUGGED, NOT BECAUSE IT IS EASY, BUT BECAUSE IT IS NECESSARY AND I AM UP FOR THE CHALLENGE.
47. DEV / OPS / SEC JOIN FORCES
48. #RUGGEDDEVOPS
49. http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
50. LET’S BUILD RUGGED SOFTWARE
51. RUGGED WEB APPS
52. VULNERABLE CODE IS EVERYWHERE
53. CROSS SITE SCRIPTING [XSS]
54. WHAT IS IT? [XSS]
55. REFLECTIVE [XSS]
56. PERSISTENT [XSS]
57. DOM BASED [XSS]
58. WHY IS IT BAD? [XSS]
59. DOCUMENT.COOKIE [XSS]
60. DOCUMENT.LOCATION [XSS]
61. HOW DO I FIX IT? [XSS]
62. GOOD: INPUT SANITIZATION [XSS]
63. BLACKLIST :( [XSS]
64. WHITELIST :) [XSS]
65. BETTER: OUTPUT ENCODING [XSS]
66. < > BECOME &LT; &GT; [XSS]
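The three XSS fixes on the slides above (blacklist, whitelist, output encoding) side by side, as an added Ruby example that is not from the workshop or the gauntlt-demo repository. The inputs are constructed; CGI.escapeHTML is Ruby's standard-library encoder, and the function names are assumptions made here.

```ruby
require "cgi"

# BLACKLIST :( -- strip the one spelling of the tag we thought of. Anything
# we did not think of, including a different case, passes straight through.
def blacklist_sanitize(input)
  input.gsub("<script>", "").gsub("</script>", "")
end

# WHITELIST :) -- accept only what the field legitimately needs (here a
# username) and reject everything else; the caller must handle nil.
USERNAME_FORMAT = /\A[A-Za-z0-9_]{1,32}\z/

def whitelist_username(input)
  USERNAME_FORMAT.match?(input) ? input : nil
end

# BETTER: OUTPUT ENCODING -- encode at the point the value is put into HTML,
# so < and > become &lt; and &gt; and the browser renders text, not markup.
def encode_output(value)
  CGI.escapeHTML(value)
end

def html_greeting(name)
  "<p>Hello, #{encode_output(name)}</p>"
end

# Is there still anything a browser could parse as the start of a tag?
def contains_tag?(html_fragment)
  html_fragment.match?(%r{<[a-z!/]}i)
end

# Constructed inputs for comparing the three approaches (not from the page).
SAMPLE_INPUTS = [
  "alice",
  "<script>alert(1)</script>",
  "<SCRIPT>alert(1)</SCRIPT>",
]

# For each input: does a tag survive the blacklist, does the whitelist accept
# it, and does a tag survive output encoding?
def compare_approaches(inputs = SAMPLE_INPUTS)
  inputs.map do |raw|
    {
      input:     raw,
      blacklist: contains_tag?(blacklist_sanitize(raw)),
      whitelist: whitelist_username(raw).nil? ? :rejected : :accepted,
      encoded:   contains_tag?(encode_output(raw)),
    }
  end
end
```

The blacklist row for the upper-case input is the point of slide 63: the filter only knows one spelling, while encoding at output time neutralises every spelling.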
67. SQL INJECTION [SQLi]
68. WHAT IS IT? [SQLi]
69. WHY IS IT BAD? [SQLi]
70. CREDIT: XKCD
71. HOW WOULD YOU EXPLOIT?
72. ‘;
73. PWNED
74. HOW DO I FIX IT? [SQLi]
75. PARAMETERIZED QUERIES [SQLi]
76. PARAMETERIZED QUERIES (PHP) [SQLi]
77. PARAMETERIZED QUERIES (JAVA) [SQLi]
78. CROSS SITE REQUEST FORGERY [CSRF]
79. WHAT IS IT? [CSRF]
80. WHY IS IT BAD? [CSRF]
81. HOW DO I FIX IT? [CSRF]
82. TOKENS! [CSRF]
83. IMAGE CREDIT: DOTNETBIPS.COM
84. AGAIN… VULNERABLE CODE IS EVERYWHERE
85. GETS FIXED SLOWLY
86. GETS FIXED SLOWLY
87. …IF EVER
88. OWASP TOP 10
89. LAB #1 - SETUP
90. github.com/gauntlt/gauntlt-demo Open the Labs in your browser > https://github.com/gauntlt/gauntlt-demo/tree/master/labs/sxsw-2014 You need Vagrant and VirtualBox installed on your laptop SETUP
91. For this lab, you will complete: ├── 01_Overview.md ├── 02_Setup using Vagrant.md LAB INSTRUCTIONS
92. 5-MINUTE BREAK
93. LAB #2 - WEB APP HACKING
94. XSS DEMO
95. FIND THE VULN
96. FIND THE VULN
97. FIND THE VULN
98. For this lab, you will complete: ├── 04_Start up Vulnerable Target.md LAB INSTRUCTIONS
99. For this lab, poke around and try to find a second XSS vulnerability ! Let us know when you find it…
100. INTRO TO GAUNTLT
101. WOULDN’T IT BE GREAT IF WE COULD AUTOMATE OUR SECURITY TESTS…
102. http://static.hothdwallpaper.net/51b8e4ee5a5ae19808.jpg
103. GAUNTLT IS AN OPINIONATED FRAMEWORK TO DO RUGGED TESTING
104. GAUNTLT IS OPEN SOURCE MIT LICENSED
105. GAUNTLT AUTOMATES SECURITY TOOLS
106. GAUNTLT = SECURITY + CUCUMBER
107. GARMR CODE NMAP CURL ARACHNI
108. GARMR NMAP CURL CODE ARACHNI
109. BUILT ON CUCUMBER
110. GAUNTLT PHILOSOPHY Gauntlt comes with pre-canned steps that hook security testing tools Gauntlt does not install tools Gauntlt wants to be part of the CI/CD pipeline Be a good citizen of exit status and stdout/stderr
111. GAUNTLT IS COLLABORATION
112. *.attack something.attack else.attack GAUNTLT IN ACTION
113. Feature Description Background Setup Scenario Logic ATTACK STRUCTURE
114. Given When Then ATTACK LOGIC
115. Setup steps Check Resource Available Given “arachni” is installed ATTACK STEP: GIVEN
116. Action steps When I launch an “arachni-xss” attack ATTACK STEP: WHEN
117. Parsing Steps Then the output should not contain “fail” ATTACK STEP: THEN
118. LET’S PUT IT ALL TOGETHER
119. LAB #3 - HELLO WORLD
120. For this lab, you will complete: ├── 05_Hello World with Gauntlt.md LAB INSTRUCTIONS
121. HELLO WORLD
122. LAB #4 - BASIC PORT CHECK
123. For this lab, you will complete: ├── 06_Port Check.md LAB INSTRUCTIONS
124. TRY OUT NMAP
    $ nmap -F localhost
    $ nmap -F scanme.nmap.org
125. The challenge attack file:
    @challenge @slow
    Feature: check to make sure the right ports are open on our server

    Background:
      Given "nmap" is installed
      And the following profile:
        | name | value     |
        | host | localhost |

    Scenario: Verify server is open on expected ports
      When I launch an "nmap" attack with:
        """
        nmap -F <host>
        """
      # Then ...
      # TODO: figure out a way to parse the output and determine what is passing
      # For hints consult the README.md
126. $ bundle exec gauntlt --allsteps
127. TRUST THE PIPE
128. SOLUTION
    @final @slow
    Feature: check to make sure the right ports are open on our server

    Background:
      Given "nmap" is installed
      And the following profile:
        | name | value     |
        | host | localhost |

    Scenario: Verify server is open on expected ports
      When I launch an "nmap" attack with:
        """
        nmap -F <host>
        """
      Then the output should contain:
        """
        8008
        """
129. LAB #5 - CLI AND REGEX
130. For this lab, you will complete: ├── 07_Working with Gauntlt CLI.md ├── 08_Regex.md LAB INSTRUCTIONS
131. Open 07_Working with Gauntlt CLI.md and run the following:
132. 08_Regex.md
133. SOLUTION (the regexes use \s+ to match the whitespace between the port column and the state column; the backslash was lost on the slide)
    Then the output should match:
    """
    8008/tcp\s+open
    """
    Then the output should not match /3001.tcp\s+open/
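The Lab 4 port check and the Lab 5 regex steps expressed as plain Ruby, as an added example that is not part of the workshop labs or the gauntlt-demo repository. It runs over a constructed `nmap -F localhost` output (no real scan), uses the two lab regexes with their `\s+` restored, and follows the "be a good citizen of exit status" rule from the Gauntlt philosophy slide; the helper names are assumptions made here.

```ruby
# Constructed sample of `nmap -F localhost` output (not a real scan result).
# Port 3001 is deliberately open so that the "should not match" step fails.
SAMPLE_NMAP_OUTPUT = <<~OUT
  Starting Nmap 6.40 ( http://nmap.org )
  Nmap scan report for localhost (127.0.0.1)
  Host is up (0.00010s latency).
  Not shown: 97 closed ports
  PORT     STATE SERVICE
  22/tcp   open  ssh
  3001/tcp open  nessus
  8008/tcp open  http
  Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
OUT

# The two regex steps from 08_Regex.md, as Ruby regexes.
LAB_MUST_MATCH     = %r{8008/tcp\s+open}
LAB_MUST_NOT_MATCH = %r{3001.tcp\s+open}

# One line of nmap's port table: "<port>/<proto>   <state>  <service>".
PORT_LINE = %r{^(\d+)/(tcp|udp)\s+(open|closed|filtered)\b}

# Structured parse of the port table: [[port, proto, state], ...].
def parse_ports(nmap_output)
  nmap_output.each_line.map { |line|
    m = PORT_LINE.match(line)
    [m[1].to_i, m[2], m[3]] if m
  }.compact
end

def open_ports(nmap_output)
  parse_ports(nmap_output).select { |_, _, state| state == "open" }.map(&:first)
end

# Gauntlt-style assertion on the host: which expectations failed?
def check_ports(nmap_output, expected_open:, expected_closed:)
  actual = open_ports(nmap_output)
  {
    missing:    expected_open - actual,   # expected open, not found open
    unexpected: expected_closed & actual, # expected closed, found open
  }
end

# Exit 0 only when every expectation holds, so a CI job running this
# (like the Rakefile target on the CI slides) fails the build on any drift.
def exit_status(result)
  result.values.all?(&:empty?) ? 0 : 1
end

# The Lab 5 solution's two Then-steps applied to a captured nmap output.
def regex_steps_pass?(nmap_output)
  nmap_output.match?(LAB_MUST_MATCH) && !nmap_output.match?(LAB_MUST_NOT_MATCH)
end
```

With the sample above, `regex_steps_pass?` returns false and `exit_status` returns 1 because 3001/tcp is open, which is exactly the signal the Lab 5 "should not match" step is there to produce.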
134. LAB #6 - GARMR
135. For this lab, you will complete: ├── 09_Garmr and Web Security.md LAB INSTRUCTIONS
136. WHAT IS GARMR?
137. GARMR IS A SCRIPT FROM MOZILLA THAT CHECKS FOR A BUNCH OF SECURITY POLICIES IN WEB APPS
138. MOZILLA SECURITY POLICY DISTILLED FOR THE REST OF US
139. LAB #7 - XSS WITH ARACHNI
140. For this lab, you will complete: ├── 10_Arachni and XSS testing.md LAB INSTRUCTIONS
141. XSS LAB!
142. TRY OUT ARACHNI
    arachni --modules=xss --depth=1 --link-count=10 --auto-redundant=2 scanme.nmap.org
143. BONUS POINTS, FIND THE VULN!
144. Hint…. ! When I launch an "arachni-full_xss" attack
145. LET US KNOW WHEN YOU HAVE FOUND IT
146. Arachni found XSS in Gruyere, Oh noes! ! localhost:8008/signup/<script>alert(1)</script>
147. LAB #8 - ADVANCED GAUNTLT
148. For this lab, you will complete: ├── 11_Assert Network.md ├── 12_Output to HTML.md └── 13_Working with Environment Variables.md LAB INSTRUCTIONS
149. HTML OUTPUT
    bundle exec gauntlt --format html > out.html
150. out.html
151. RUGGED TESTING ON EVERY COMMIT
152. YOU PROMISED CI/CD PIPELINE…
153. THIS DEFINITELY IS 5 STAR TERRITORY
154. TRAVIS CI PARSES CONFIG AND THEN RUNS RAKE
155. RAKEFILE
    require 'gauntlt'

    task :gauntlt do
      sh "cd ./vendor/gruyere && ./manual_launch.sh && cd ../.."
      sh "cd ./examples && bundle exec gauntlt --tags @final && cd .."
      sh "cd ./vendor/gruyere && ./manual_kill.sh && cd ../.."
    end
156. gauntlt-demo/.travis.yml
    language: ruby
    rvm:
      - 1.9.3
    before_install:
      - git submodule update --init --recursive
    before_script:
      - sudo apt-get install nmap
      - sudo apt-get install wget
      - sudo apt-get install libcurl4-openssl-dev
      - 'pwd'
      - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sslyze/sslyze.py"
      - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sqlmap/sqlmap.py"
      - 'cd vendor/Garmr && sudo python setup.py install && cd ../..'
      - 'cd vendor && wget http://downloads.sourceforge.net/project/dirb/dirb/2.03/dirb203.tar.gz && tar xvfz dirb203.tar.gz && cd dirb && ./configure && make && sudo cp dirb /usr/local/bin/ && cd ../../'
      - export DIRB_WORDLISTS="/home/travis/build/gauntlt/gauntlt/vendor/dirb/wordlists"
    notifications:
      irc:
        channels:
          - "chat.freenode.net#gauntlt"
        use_notice: true
157. WE HAVE BEEN DOING CONTINUOUS INTEGRATION WITH GAUNTLT THIS WHOLE TIME WITH THE LABS!
158. SAHWEET!
159. NOW WHAT?
160. THESE SLIDES http://bit.ly/gauntlt-sxsw-slides
161. Where to find the project:
    • Google Group > https://groups.google.com/d/forum/gauntlt
    • Wiki > https://github.com/gauntlt/gauntlt/wiki
    • Twitter > @gauntlt
    • IRC > #gauntlt on freenode
    • Weekly hangout > http://bit.ly/gauntlt-hangout
    • Issue tracking > http://github.com/gauntlt/gauntlt
162. https://vimeo.com/79797907
163. FREE GAUNTLT BETA BOOK FOR SXSW ATTENDEES! http://leanpub.com/hands-on-gauntlt/c/SXSW Valid until March 11th Caveat Emptor: No content at the moment!
164. GAUNTLT-SERVER COMING SOON!
165. WILL YOU GIVE US THE 5’S?
166. QUESTIONS?