Run your code through the Gauntlt
Presented at DevOps Days Silicon Valley 2013. Gauntlt is a rugged testing framework to integrate security testing into your process. It was spawned out of the Rugged DevOps movement.
Presentation Transcript

    • Run your code through the Gauntlt
    • we faced skilled adversaries
    • we couldn't win
    • Instead of Engineering, InfoSec became Actuaries
    • “It's Certified” - You
    • Your punch is soft, just like your heart
    • enter Rugged DevOps; enter gauntlt: Philosophy, Tooling
    • install gauntlt:
        $ gem install gauntlt
    • gauntlt is like this:
    • (diagram) gauntlt wraps the sqlmap, sslyze, dirb, curl, generic and nmap attacks, runs them against your app, and reports a single result: exit status: 0
    • Codify your knowledge (cheat sheets)
    • security testing on every commit
    • gauntlt promotes collaboration
    • running gauntlt with failing tests (the attack file is structured as Given / When / Then):
        $ gauntlt
        Feature: nmap attacks for example.com
        Background:
          Given "nmap" is installed
          And the following profile:
            | name     | value       |
            | hostname | example.com |
        Scenario: Verify server is open on expected ports
          When I launch an "nmap" attack with:
            """
            nmap -F www.example.com
            """
          Then the output should contain:
            """
            443/tcp open https
            """
        1 scenario (1 failed)
        5 steps (1 failed, 4 passed)
        0m18.341s
    • running gauntlt with passing tests (same attack file as above):
        $ gauntlt
        ...
        1 scenario (1 passed)
        4 steps (4 passed)
        0m18.341s
    • a dirb attack:
        @slow
        Feature: Run dirb scan on a URL
        Scenario: Run a dirb scan looking for common vulnerabilities in apache
          Given "dirb" is installed
          And the following profile:
            | name     | value              |
            | hostname | http://example.com |
            | wordlist | vulns/apache.txt   |
          When I launch a "dirb" attack with:
            """
            dirb <hostname> <dirb_wordlists_path>/<wordlist>
            """
          Then the output should contain:
            """
            FOUND: 0
            """
      The slide also lists the wordlist entries: .htaccess .htpasswd .meta .web access_log cgi cgi-bin cgi-pub cgi-script dummy error error_log htdocs httpd httpd.pid icons server-info server-status logs manual printenv test-cgi tmp ~bin ~ftp ~nobody ~root
    • gauntlt credits. Creators: Mani Tadayon, James Wickett. Community Wrangler: Jeremiah Shirk. Friends: Jason Chan (Netflix), Neil Matatall (Twitter)
    • my_first.attack: Start with the gauntlt.org tutorial. Add your config (hostname, login url, user). Use examples from github. Repeat. #gauntlt on freenode, @gauntlt on twitter
    • @wickett, james@gauntlt.org. Be Mean to Your Code!
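A fuller attack file in the style of the nmap and dirb slides, added here as an example; it is not from the slides or from the gauntlt project. It assumes a target host example.com that should answer only on port 443 and should send a Strict-Transport-Security header; the profile keys `hostname` and `url`, the port list and the header check are illustrative choices for this example. The step forms (`"x" is installed`, `the following profile:`, `I launch an "nmap" attack with:`, `the output should match /…/`, `the output should not match /…/`) are the gauntlt/aruba steps the slides use or alias; `<hostname>` and `<url>` are substituted from the profile, which keeps the target out of the command line instead of hard-coding www.example.com as the nmap slide does.

```gherkin
# Added example, not from the gauntlt project or the slides.
# Assumes: example.com should expose only 443 and send HSTS (illustrative).
@slow
Feature: Baseline network and TLS-header checks for example.com

  Background:
    Given "nmap" is installed
    And "curl" is installed
    And the following profile:
      | name     | value                |
      | hostname | example.com          |
      | url      | https://example.com/ |

  Scenario: Only the expected ports answer
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # Positive check: the service we rely on is there.
    Then the output should match /443.tcp\s+open/
    # Negative check: legacy or admin ports that must stay closed.
    And the output should not match /(21|23|3306).tcp\s+open/

  Scenario: The site sends a Strict-Transport-Security header
    When I launch a "curl" attack with:
      """
      curl -sI <url>
      """
    Then the output should match /Strict-Transport-Security/
```

Run it with `gauntlt baseline.attack` (file name chosen here) from a checkout on every commit, as the slides recommend. gauntlt exits non-zero when any step fails, so a CI job can gate the build on that exit status alone; the `@slow` tag, used on the dirb slide, lets you keep long-running scans out of the fast per-commit run and schedule them separately.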