SlideShare a Scribd company logo
BE MEAN TO YOUR CODE WITH
G A U N T LT A N D T H E R U G G E D W AY
JAMES WICKETT // @WICKETT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@WICKETT
• Austin, TX
• Gauntlt Core Team
• LASCON Founder
• Cloud Austin Organizer
• DevOps Days Austin Organizer
• DevOps, Ruby, AppSec, Chef, Cucumber, Gauntlt
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
REQUIREMENTS
OPTION 1

OPTION 2

• Virtual Box

• Ruby 1.9.3

• Vagrant

• Git

OR

• Gauntlt Box

• Bundler

• Pre-downloaded

• Reliable Internet

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
INSTRUCTIONS

bit.ly/gauntlt-demo-instructions

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
W H Y D O E S T H I S M AT T E R ?

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
P E O P L E M AT T E R

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
T H E B R O K E N W I N D O W FA L L A C Y
–HENRY HAZLITT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
BESIDES LOSS, BREACHES CAUSE
CYNICISM AND DISTRUST

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
SOFTWARE HAS CHANGED

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
SOFTWARE AS A SERVICE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
SOFTWARE AS
BRICOLAGE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
B O LT O N F E AT U R E A P P R O A C H

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
FRAGILE CODE AS A SERVICE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
D E P L O Y T I M E L I N E S H AV E
CHANGED

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
D E V A N D O P S H AV E F O U N D A
NEW RELIGION

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
SECURITY HAS NOT CHANGED

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
C O M P L I A N C E D R I V E N C U LT U R E :
PCI, SOX, …

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
PEOPLE PROCESS TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
W E H AV E A P E O P L E P R O B L E M

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
T H E R AT I O P R O B L E M

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
D E V: O P S : S E C U R I T Y
100:10:1

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
LANGUAGE GAP

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
S E C U R I T Y D O E S N ' T A L W AY S
SPEAK THE LANGUAGE OF THE
BIZ / DEV / OPS TEAMS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
PEOPLE PROCESS TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
A B D I C AT I N G R E S P O N S I B I L I T Y
PROCESS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
YOU NEED EXPERTS TO TEST FOR
SECURITY

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
FORMALIZED VIA AUDITORS AND
C O M P L I A N C E A N N U A L LY

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
PEOPLE PROCESS TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DEV -> SVN || GIT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OPS -> TXT || WIKIS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DEV -> GIT <- OPS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
SECURITY -> SOURCEFORGE!

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
S I G N S T H AT S E C U R I T Y I S
MOVING INTO A NEW ERA

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
A N A LY T I C S , M O N I T O R S , L O G S , T E L E M E T R Y,
TESTING, CONFIG MANAGEMENT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
AT TA C K C H A I N S A N D S I G N A L S

http://www.youtube.com/watch?v=jQblKuMuS0Y

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
V U L N E R A B I L I T Y E X P L O I TAT I O N I S
A TIMELINE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DISCOVERY

VULNERABILITY

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

EXPLOIT
S Q L S Y N TA X E R R O R S
D B TA B L E N A M E S
LARGE RESPONSE SIZES

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
I N S T R U M E N T F U L L AT TA C K
C H A I N S A N D W AT C H F O R S I G N A L S

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
RUGGED

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DETECTION EARLIER

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
security tools today

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
E N T E R G A U N T LT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
PEOPLE PROCESS TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT I S A N O P I N I O N AT E D
FRAMEWORK TO DO RUGGED TESTING

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT = S E C U R I T Y + C U C U M B E R

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

http://www.flickr.com/photos/35231744@N00/286858571/
CODE
BUILD
TEST
DEPLOY

FEEDBACK
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
CODE
BUILD
TEST
DEPLOY
~12 MOS. LATER
SECURITY
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
CODE
BUILD
TEST
SECURITY
DEPLOY

FEEDBACK
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
A STORY FROM 2010…

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DEVOPS (+ SECURITY!)
@ernestmueller, @iteration1, @bproverb and friends

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Ruby Script

REST ENDPOINTS

Questionable Payloads
Invalid Sessions
Large Payloads

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
COLLECTION OF SCRIPTS
MERGED INTO OUR TEST RUNNER

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
IN’S AND OUT’S ARE EASY TO
MESS UP

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
CUCUMBER AND OUTSIDE IN
TESTING

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
T H E S TA R T O F G A U N T LT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OUTSIDE IN TESTING FOR
SECURITY TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OUTPUT FROM SECURITY TOOLS
IS HARD TO DECIPHER

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
BE MEAN TO YOUR CODE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
GARMR

NMAP

CODE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

ARACHNI

SQLMAP
GARMR

NMAP

ARACHNI

SQLMAP

CODE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
GARMR

NMAP

ARACHNI

SQLMAP

CODE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
GARMR

NMAP

CODE

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

ARACHNI

SQLMAP

CODE

CODE
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
B U T W H AT A B O U T T H E P E O P L E

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
C O N V E R S AT I O N A N D C O L L A B O R AT I O N
I S T H E C O R E O F G A U N T LT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
DEV
*.attack

OPS
SECURITY
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

• Execution Knowledge
• Testing Logic Captured
• Repeatable
G A U N T LT I N A C T I O N

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
*.attack

something.attack
else.attack

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Attack Structure
Feature

Description

Background

Setup

Scenario

Logic

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Attack Logic
Given
When
Then

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Attack Step: Given
Setup steps
Check Resource Available
Given “arachni” is installed

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Attack Step: When
Action steps
When I launch an
“arachni-xss” attack

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
Attack Step: Then
Parsing Steps
Then the output should
not contain “fail”

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT P H I L O S O P H Y

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
RUN SECURITY TOOLS IN A
R E P E ATA B L E , E A S Y T O R E A D W AY

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT D O E S N O T I N S TA L L
TOOLS

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT S H I P W I T H P R E C A N N E D AT TA C K S A N D S T E P S

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
B E PA R T O F T H E C I / C D P I P E L I N E

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
H A N D L E S T D I N , S T D O U T, A N D
E X I T S TAT U S

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G A U N T LT I N U S E

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
AT A G A M E D E V S H O P

• Check for XSS (cross site scripting) [Arachni]
• Check for new login pages [Garmr]
• Check for insecure refs in login flows [Garmr]
• Extended XSS testing [Custom Arachni] (PR coming soon)

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
MENTOR GRAPHICS
• Smoke Test integration on environment build
• Checks REST services [curl]
• Tests for XSS [arachni]
• Injection attacks [sqlmap, dirb]
• Misconfiguration [dirb]
• SSL checks [sslyze]
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
AT C A B F O R W A R D

• Ruby Dev Shop
• Integrated into CI for customers
• GITHUB -> TravisCI -> Unit Tests / Integration Tests / Gauntlt

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
G I T H U B . C O M / G A U N T LT / G A U N T LT

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
$ gem install gauntlt

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
!

Given

Feature: nmap attacks for example.com
Background:
Given "nmap" is installed
And the following profile:
| name
| value
|
| hostname
| example.com |

!

When
Then
When
Then

Scenario: Verify server is open on expected ports
When I launch an "nmap" attack with:
"""
nmap -F <hostname>
"""
Then the output should contain:
"""
80/tcp open http
"""
Scenario: Verify that there are no unexpected ports open
When I launch an "nmap" attack with:
"""
nmap -F <hostname>
"""
Then the output should not contain:
"""
25/tcp
"""

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
HANDS ON

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
EVERYTHING YOU NEED…

http://bit.ly/gauntlt-demo-instructions

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OPTION 1

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OPTION 1 - CONTINUED

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
OPTION 2

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
$ vagrant ssh
!

vagrant@precise32:~$

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
$ cd gauntlt-demo

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
$ rvm use 1.9.3

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
04_Hello World with Gauntlt.md
$ cd ./examples
$ gauntlt ./hello_world/hello_world.attack

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
$ gauntlt --steps

/^"(w+)" is installed in my path$/
/^"arachni" is installed$/
/^"curl" is installed$/
/^"dirb" is installed$/
/^"garmr" is installed$/
/^"nmap" is installed$/
/^"sqlmap" is installed$/
/^"sslyze" is installed$/
/^I launch (?:a|an) "arachni" attack with:$/
/^I launch (?:a|an) "arachni-(.*?)" attack$/
/^I launch (?:a|an) "curl" attack with:$/
/^I launch (?:a|an) "dirb" attack with:$/
/^I launch (?:a|an) "garmr" attack with:$/
/^I launch (?:a|an) "generic" attack with:$/
/^I launch (?:a|an) "nmap" attack with:$/
/^I launch (?:a|an) "nmap-(.*?)" attack$/
/^I launch (?:a|an) "sqlmap" attack with:$/
/^I launch (?:a|an) "sslyze" attack with:$/
/^the "(.*?)" command line binary is installed$/
/^the DIRB_WORDLISTS environment variable is set$/
/^the file "(.*?)" should contain XML:$/
/^the file "(.*?)" should not contain XML:$/
/^the following cookies should be received:$/
/^the following environment variables:$/
/^the following profile:$/
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
bundle exec gauntlt --format html > out.html

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
• Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• IRC > #gauntlt on freenode
• Weekly hangout > http://bit.ly/gauntlt-hangout
• Issue tracking > http://github.com/gauntlt/gauntlt
@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
B E TA I N V I T E T O U D E M Y C L A S S ?
E M A I L J A M E S @ G A U N T LT. O R G

@ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT

More Related Content

What's hot

Hallaran robert 4.4
Hallaran robert 4.4Hallaran robert 4.4
Hallaran robert 4.4
FENNODYREE
 
Data Science Festival - Beginners Guide to Weather and Climate Data
Data Science Festival - Beginners Guide to Weather and Climate DataData Science Festival - Beginners Guide to Weather and Climate Data
Data Science Festival - Beginners Guide to Weather and Climate Data
Margriet Groenendijk
 
Pregnancy travel-essentials
Pregnancy travel-essentialsPregnancy travel-essentials
Pregnancy travel-essentials
bugshieldclothing1
 
Progressive Web Apps: Is it a replacement for your mobile app?
Progressive Web Apps: Is it a replacement for your mobile app?Progressive Web Apps: Is it a replacement for your mobile app?
Progressive Web Apps: Is it a replacement for your mobile app?
Önder Ceylan
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress Developers
David Brumbaugh
 
Global WordPress Translation Day – WordPress Meetup FRA
Global WordPress Translation Day – WordPress Meetup FRAGlobal WordPress Translation Day – WordPress Meetup FRA
Global WordPress Translation Day – WordPress Meetup FRA
pixolin
 
Linked Open GeoData for Enel Drive (W3C LOD2014)
Linked Open GeoData for Enel Drive (W3C LOD2014)Linked Open GeoData for Enel Drive (W3C LOD2014)
Linked Open GeoData for Enel Drive (W3C LOD2014)
Andrea Volpini
 
Enel linked open geo data
Enel linked open geo dataEnel linked open geo data
Enel linked open geo data
Raffaele Cirullo
 
Delineating sea level rise inundation
Delineating sea level rise inundationDelineating sea level rise inundation
Delineating sea level rise inundation
CJ Grady
 
AVID Community Service Dilemma
AVID Community Service DilemmaAVID Community Service Dilemma
AVID Community Service Dilemma
ReneeMerritt1
 
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS SummitGain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
Amazon Web Services
 
Gain Maximum Visibility into Your Applications
Gain Maximum Visibility into Your Applications Gain Maximum Visibility into Your Applications
Gain Maximum Visibility into Your Applications
Amazon Web Services
 
100% Visibility - Jason Yee - Codemotion Amsterdam 2018
100% Visibility - Jason Yee - Codemotion Amsterdam 2018100% Visibility - Jason Yee - Codemotion Amsterdam 2018
100% Visibility - Jason Yee - Codemotion Amsterdam 2018
Codemotion
 
Tifflowers
TifflowersTifflowers
Tifflowers
Chris Himes
 
Indiana FirstNet Exponential Government Presentation
Indiana FirstNet Exponential Government PresentationIndiana FirstNet Exponential Government Presentation
Indiana FirstNet Exponential Government Presentation
Dustin Haisler
 

What's hot (15)

Hallaran robert 4.4
Hallaran robert 4.4Hallaran robert 4.4
Hallaran robert 4.4
 
Data Science Festival - Beginners Guide to Weather and Climate Data
Data Science Festival - Beginners Guide to Weather and Climate DataData Science Festival - Beginners Guide to Weather and Climate Data
Data Science Festival - Beginners Guide to Weather and Climate Data
 
Pregnancy travel-essentials
Pregnancy travel-essentialsPregnancy travel-essentials
Pregnancy travel-essentials
 
Progressive Web Apps: Is it a replacement for your mobile app?
Progressive Web Apps: Is it a replacement for your mobile app?Progressive Web Apps: Is it a replacement for your mobile app?
Progressive Web Apps: Is it a replacement for your mobile app?
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress Developers
 
Global WordPress Translation Day – WordPress Meetup FRA
Global WordPress Translation Day – WordPress Meetup FRAGlobal WordPress Translation Day – WordPress Meetup FRA
Global WordPress Translation Day – WordPress Meetup FRA
 
Linked Open GeoData for Enel Drive (W3C LOD2014)
Linked Open GeoData for Enel Drive (W3C LOD2014)Linked Open GeoData for Enel Drive (W3C LOD2014)
Linked Open GeoData for Enel Drive (W3C LOD2014)
 
Enel linked open geo data
Enel linked open geo dataEnel linked open geo data
Enel linked open geo data
 
Delineating sea level rise inundation
Delineating sea level rise inundationDelineating sea level rise inundation
Delineating sea level rise inundation
 
AVID Community Service Dilemma
AVID Community Service DilemmaAVID Community Service Dilemma
AVID Community Service Dilemma
 
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS SummitGain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
Gain Maximum Visibility into Your Applications - DEM03 - Chicago AWS Summit
 
Gain Maximum Visibility into Your Applications
Gain Maximum Visibility into Your Applications Gain Maximum Visibility into Your Applications
Gain Maximum Visibility into Your Applications
 
100% Visibility - Jason Yee - Codemotion Amsterdam 2018
100% Visibility - Jason Yee - Codemotion Amsterdam 2018100% Visibility - Jason Yee - Codemotion Amsterdam 2018
100% Visibility - Jason Yee - Codemotion Amsterdam 2018
 
Tifflowers
TifflowersTifflowers
Tifflowers
 
Indiana FirstNet Exponential Government Presentation
Indiana FirstNet Exponential Government PresentationIndiana FirstNet Exponential Government Presentation
Indiana FirstNet Exponential Government Presentation
 

Viewers also liked

Continuous Security Testing
Continuous Security TestingContinuous Security Testing
Continuous Security Testing
Steven Mak
 
Bring the Noise
Bring the NoiseBring the Noise
Bring the Noise
Jon Cowie
 
Rugged Driven Development with Gauntlt
Rugged Driven Development with GauntltRugged Driven Development with Gauntlt
Rugged Driven Development with Gauntlt
James Wickett
 
Be Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & YouBe Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & You
James Wickett
 
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
Tim Morrow
 
Performance and Metrics at Lonely Planet
Performance and Metrics at Lonely PlanetPerformance and Metrics at Lonely Planet
Performance and Metrics at Lonely Planet
Mark Jennings
 
Velocity EU 2013 What is the velocity of an unladen swallow?
Velocity EU 2013 What is the velocity of an unladen swallow?Velocity EU 2013 What is the velocity of an unladen swallow?
Velocity EU 2013 What is the velocity of an unladen swallow?
pdyball
 
Data viz as_interface_makoto_inoue
Data viz as_interface_makoto_inoueData viz as_interface_makoto_inoue
Data viz as_interface_makoto_inoue
Makoto Inoue
 
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Andy Davies
 
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
MeasureWorks
 
Velocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and youVelocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and you
Patrick Meenan
 
Integrating multiple CDNs at Etsy
Integrating multiple CDNs at EtsyIntegrating multiple CDNs at Etsy
Integrating multiple CDNs at Etsy
Laurie Denness
 
DevOps Proverbs - DevOps Wisdom, Principles and Practices
DevOps Proverbs - DevOps Wisdom, Principles and PracticesDevOps Proverbs - DevOps Wisdom, Principles and Practices
DevOps Proverbs - DevOps Wisdom, Principles and Practices
James Wickett
 
Getting 100B Metrics to Disk
Getting 100B Metrics to DiskGetting 100B Metrics to Disk
Getting 100B Metrics to Disk
jthurman42
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
James Wickett
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
James Wickett
 
Velocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
Velocity EU 2012 Escalating Scenarios: Outage Handling PitfallsVelocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
Velocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
John Allspaw
 
Monitoring and observability
Monitoring and observabilityMonitoring and observability
Monitoring and observability
Theo Schlossnagle
 
Velocity 2013 london developer-friendly web performance testing in continuou...
Velocity 2013 london  developer-friendly web performance testing in continuou...Velocity 2013 london  developer-friendly web performance testing in continuou...
Velocity 2013 london developer-friendly web performance testing in continuou...
Michael Klepikov
 
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
tboubez
 

Viewers also liked (20)

Continuous Security Testing
Continuous Security TestingContinuous Security Testing
Continuous Security Testing
 
Bring the Noise
Bring the NoiseBring the Noise
Bring the Noise
 
Rugged Driven Development with Gauntlt
Rugged Driven Development with GauntltRugged Driven Development with Gauntlt
Rugged Driven Development with Gauntlt
 
Be Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & YouBe Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & You
 
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
Why Page Speed Isn't Enough - Tim Morrow - Velocity Europe 2012
 
Performance and Metrics at Lonely Planet
Performance and Metrics at Lonely PlanetPerformance and Metrics at Lonely Planet
Performance and Metrics at Lonely Planet
 
Velocity EU 2013 What is the velocity of an unladen swallow?
Velocity EU 2013 What is the velocity of an unladen swallow?Velocity EU 2013 What is the velocity of an unladen swallow?
Velocity EU 2013 What is the velocity of an unladen swallow?
 
Data viz as_interface_makoto_inoue
Data viz as_interface_makoto_inoueData viz as_interface_makoto_inoue
Data viz as_interface_makoto_inoue
 
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
Are Today’s Good Practices… Tomorrow’s Performance Anti-Patterns?
 
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
MeasureWorks - Velocity Conference Europe 2012 - a Web Performance dashboard ...
 
Velocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and youVelocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and you
 
Integrating multiple CDNs at Etsy
Integrating multiple CDNs at EtsyIntegrating multiple CDNs at Etsy
Integrating multiple CDNs at Etsy
 
DevOps Proverbs - DevOps Wisdom, Principles and Practices
DevOps Proverbs - DevOps Wisdom, Principles and PracticesDevOps Proverbs - DevOps Wisdom, Principles and Practices
DevOps Proverbs - DevOps Wisdom, Principles and Practices
 
Getting 100B Metrics to Disk
Getting 100B Metrics to DiskGetting 100B Metrics to Disk
Getting 100B Metrics to Disk
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
 
Velocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
Velocity EU 2012 Escalating Scenarios: Outage Handling PitfallsVelocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
Velocity EU 2012 Escalating Scenarios: Outage Handling Pitfalls
 
Monitoring and observability
Monitoring and observabilityMonitoring and observability
Monitoring and observability
 
Velocity 2013 london developer-friendly web performance testing in continuou...
Velocity 2013 london  developer-friendly web performance testing in continuou...Velocity 2013 london  developer-friendly web performance testing in continuou...
Velocity 2013 london developer-friendly web performance testing in continuou...
 
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
Velocity Europe 2013: Beyond Pretty Charts: Analytics for the cloud infrastru...
 

Similar to Be Mean to Your Code with Gauntlt and the Rugged Way // Velocity EU 2013 Workshop

[4developers2016] - Taking advantage of microservice architecture and DynamoD...
[4developers2016] - Taking advantage of microservice architecture and DynamoD...[4developers2016] - Taking advantage of microservice architecture and DynamoD...
[4developers2016] - Taking advantage of microservice architecture and DynamoD...
PROIDEA
 
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
PROIDEA
 
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
PROIDEA
 
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
PROIDEA
 
Open Data & Health: food for thoughts
Open Data & Health: food for thoughtsOpen Data & Health: food for thoughts
Open Data & Health: food for thoughts
Matteo Brunati
 
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
iMasters
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em EthereuInterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em Ethereu
iMasters
 
Wearable Tech in Libraries slideshare
Wearable Tech in Libraries slideshareWearable Tech in Libraries slideshare
Wearable Tech in Libraries slideshare
Kira Smith
 
OVS Spa - A case of reshoring
OVS Spa - A case of reshoringOVS Spa - A case of reshoring
OVS Spa - A case of reshoring
InnovativeMolecules
 
Testifire_XTR2_Brochure.pdf
Testifire_XTR2_Brochure.pdfTestifire_XTR2_Brochure.pdf
Testifire_XTR2_Brochure.pdf
Hans Bronkhorst
 
Debugging Your CDN - Austin Spires at Fastly Altitude 2015
Debugging Your CDN - Austin Spires at Fastly Altitude 2015Debugging Your CDN - Austin Spires at Fastly Altitude 2015
Debugging Your CDN - Austin Spires at Fastly Altitude 2015
Fastly
 
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
Pankaj Negi
 
Frankrike ..
Frankrike ..Frankrike ..
Frankrike ..
Johan Andersson
 
Presentacion tectonica de placas.pptx
Presentacion tectonica de placas.pptxPresentacion tectonica de placas.pptx
Presentacion tectonica de placas.pptx
yecepeda
 
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptxLA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
YajairaCepeda2
 
Lattimore_Walter_PPP4.4
Lattimore_Walter_PPP4.4Lattimore_Walter_PPP4.4
Lattimore_Walter_PPP4.4
Walter Lattimore
 
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-SeriesCatalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
ThangmaythietbiThang
 
Foster kaitlin 4.4
Foster kaitlin 4.4Foster kaitlin 4.4
Foster kaitlin 4.4
Kaitlin Foster
 
Behler Richard PPP
Behler Richard PPPBehler Richard PPP
Behler Richard PPP
Richard Behler
 
300k w transmitter
300k w transmitter300k w transmitter
300k w transmitter
R.Narasimha Swamy
 

Similar to Be Mean to Your Code with Gauntlt and the Rugged Way // Velocity EU 2013 Workshop (20)

[4developers2016] - Taking advantage of microservice architecture and DynamoD...
[4developers2016] - Taking advantage of microservice architecture and DynamoD...[4developers2016] - Taking advantage of microservice architecture and DynamoD...
[4developers2016] - Taking advantage of microservice architecture and DynamoD...
 
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
4Developers: Adam Sznajder Taking advantage of microservice architecture and ...
 
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
4Developers: Adam Sznajder- Taking advantage of microservice architecture and...
 
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
infraXstructure: Adam Sznajder, Optymalizacja kosztów w Amazon Web Services -...
 
Open Data & Health: food for thoughts
Open Data & Health: food for thoughtsOpen Data & Health: food for thoughts
Open Data & Health: food for thoughts
 
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
InterCon 2016 - Internet of “Thinking” – IoT sem BS com ESP8266
 
InterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em EthereuInterCon 2016 - Blockchain e smart-contracts em Ethereu
InterCon 2016 - Blockchain e smart-contracts em Ethereu
 
Wearable Tech in Libraries slideshare
Wearable Tech in Libraries slideshareWearable Tech in Libraries slideshare
Wearable Tech in Libraries slideshare
 
OVS Spa - A case of reshoring
OVS Spa - A case of reshoringOVS Spa - A case of reshoring
OVS Spa - A case of reshoring
 
Testifire_XTR2_Brochure.pdf
Testifire_XTR2_Brochure.pdfTestifire_XTR2_Brochure.pdf
Testifire_XTR2_Brochure.pdf
 
Debugging Your CDN - Austin Spires at Fastly Altitude 2015
Debugging Your CDN - Austin Spires at Fastly Altitude 2015Debugging Your CDN - Austin Spires at Fastly Altitude 2015
Debugging Your CDN - Austin Spires at Fastly Altitude 2015
 
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
Tata Eden Court Phase 2 – New Housing Project at Kolkata Call 9555666555
 
Frankrike ..
Frankrike ..Frankrike ..
Frankrike ..
 
Presentacion tectonica de placas.pptx
Presentacion tectonica de placas.pptxPresentacion tectonica de placas.pptx
Presentacion tectonica de placas.pptx
 
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptxLA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
LA TECTONICA DE PLACAS CIENCIAS DE LA TIERRA.pptx
 
Lattimore_Walter_PPP4.4
Lattimore_Walter_PPP4.4Lattimore_Walter_PPP4.4
Lattimore_Walter_PPP4.4
 
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-SeriesCatalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
Catalogue thang tải thức ăn Ryoden Dumbwaiter G-Series
 
Foster kaitlin 4.4
Foster kaitlin 4.4Foster kaitlin 4.4
Foster kaitlin 4.4
 
Behler Richard PPP
Behler Richard PPPBehler Richard PPP
Behler Richard PPP
 
300k w transmitter
300k w transmitter300k w transmitter
300k w transmitter
 

More from James Wickett

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
James Wickett
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
James Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
James Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
James Wickett
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
James Wickett
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
James Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
James Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
James Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
James Wickett
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
James Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
James Wickett
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
James Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
James Wickett
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
James Wickett
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
James Wickett
 

More from James Wickett (20)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 

Recently uploaded

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 

Recently uploaded (20)

Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 

Be Mean to Your Code with Gauntlt and the Rugged Way // Velocity EU 2013 Workshop

  • 1. BE MEAN TO YOUR CODE WITH G A U N T LT A N D T H E R U G G E D W AY JAMES WICKETT // @WICKETT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 2. @WICKETT • Austin, TX • Gauntlt Core Team • LASCON Founder • Cloud Austin Organizer • DevOps Days Austin Organizer • DevOps, Ruby, AppSec, Chef, Cucumber, Gauntlt @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 3. REQUIREMENTS OPTION 1 OPTION 2 • Virtual Box • Ruby 1.9.3 • Vagrant • Git OR • Gauntlt Box • Bundler • Pre-downloaded • Reliable Internet @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 4. INSTRUCTIONS bit.ly/gauntlt-demo-instructions @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 5. W H Y D O E S T H I S M AT T E R ? @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 6. P E O P L E M AT T E R @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 7. T H E B R O K E N W I N D O W FA L L A C Y –HENRY HAZLITT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 8. BESIDES LOSS, BREACHES CAUSE CYNICISM AND DISTRUST @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 9. SOFTWARE HAS CHANGED @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 10. SOFTWARE AS A SERVICE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 11. SOFTWARE AS BRICOLAGE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 12. B O LT O N F E AT U R E A P P R O A C H @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 13. FRAGILE CODE AS A SERVICE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 14. D E P L O Y T I M E L I N E S H AV E CHANGED @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 15. D E V A N D O P S H AV E F O U N D A NEW RELIGION @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 16. SECURITY HAS NOT CHANGED @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 17. C O M P L I A N C E D R I V E N C U LT U R E : PCI, SOX, … @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 18. PEOPLE PROCESS TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 19. W E H AV E A P E O P L E P R O B L E M @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 20. T H E R AT I O P R O B L E M @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 21. D E V: O P S : S E C U R I T Y 100:10:1 @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 22. LANGUAGE GAP @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 23. S E C U R I T Y D O E S N ' T A L W AY S SPEAK THE LANGUAGE OF THE BIZ / DEV / OPS TEAMS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 24. PEOPLE PROCESS TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 25. A B D I C AT I N G R E S P O N S I B I L I T Y PROCESS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 26. YOU NEED EXPERTS TO TEST FOR SECURITY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 27. FORMALIZED VIA AUDITORS AND C O M P L I A N C E A N N U A L LY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 28. PEOPLE PROCESS TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 29. DEV -> SVN || GIT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 30. OPS -> TXT || WIKIS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 31. DEV -> GIT <- OPS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 32. SECURITY -> SOURCEFORGE! @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 33. S I G N S T H AT S E C U R I T Y I S MOVING INTO A NEW ERA @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 34. A N A LY T I C S , M O N I T O R S , L O G S , T E L E M E T R Y, TESTING, CONFIG MANAGEMENT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 35. AT TA C K C H A I N S A N D S I G N A L S http://www.youtube.com/watch?v=jQblKuMuS0Y @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 36. V U L N E R A B I L I T Y E X P L O I TAT I O N I S A TIMELINE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 37. DISCOVERY VULNERABILITY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT EXPLOIT
  • 38. S Q L S Y N TA X E R R O R S D B TA B L E N A M E S LARGE RESPONSE SIZES @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 39. I N S T R U M E N T F U L L AT TA C K C H A I N S A N D W AT C H F O R S I G N A L S @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 40. RUGGED @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 41. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 42. http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 44. DETECTION EARLIER @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 45. security tools today @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 46. E N T E R G A U N T LT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 47. PEOPLE PROCESS TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 48. G A U N T LT I S A N O P I N I O N AT E D FRAMEWORK TO DO RUGGED TESTING @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 49. G A U N T LT = S E C U R I T Y + C U C U M B E R @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT http://www.flickr.com/photos/35231744@N00/286858571/
  • 50. CODE BUILD TEST DEPLOY FEEDBACK @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 51. CODE BUILD TEST DEPLOY ~12 MOS. LATER SECURITY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 52. CODE BUILD TEST SECURITY DEPLOY FEEDBACK @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 53. A STORY FROM 2010… @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 54. DEVOPS (+ SECURITY!) @ernestmueller, @iteration1, @bproverb and friends @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 55. Ruby Script REST ENDPOINTS Questionable Payloads Invalid Sessions Large Payloads @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 56. COLLECTION OF SCRIPTS MERGED INTO OUR TEST RUNNER @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 57. IN’S AND OUT’S ARE EASY TO MESS UP @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 58. CUCUMBER AND OUTSIDE IN TESTING @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 59. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 60. T H E S TA R T O F G A U N T LT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 61. OUTSIDE IN TESTING FOR SECURITY TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 62. OUTPUT FROM SECURITY TOOLS IS HARD TO DECIPHER @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 63. BE MEAN TO YOUR CODE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 64. GARMR NMAP CODE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT ARACHNI SQLMAP
  • 65. GARMR NMAP ARACHNI SQLMAP CODE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 66. GARMR NMAP ARACHNI SQLMAP CODE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 67. GARMR NMAP CODE @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT ARACHNI SQLMAP CODE CODE
  • 68. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 69. B U T W H AT A B O U T T H E P E O P L E @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 70. C O N V E R S AT I O N A N D C O L L A B O R AT I O N I S T H E C O R E O F G A U N T LT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 71. DEV *.attack OPS SECURITY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT • Execution Knowledge • Testing Logic Captured • Repeatable
  • 72. G A U N T LT I N A C T I O N @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 73. *.attack something.attack else.attack @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 74. Attack Structure Feature Description Background Setup Scenario Logic @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 75. Attack Logic Given When Then @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 76. Attack Step: Given Setup steps Check Resource Available Given “arachni” is installed @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 77. Attack Step: When Action steps When I launch an “arachni-xss” attack @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 78. Attack Step: Then Parsing Steps Then the output should not contain “fail” @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 79. G A U N T LT P H I L O S O P H Y @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 80. RUN SECURITY TOOLS IN A R E P E ATA B L E , E A S Y T O R E A D W AY @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 81. G A U N T LT D O E S N O T I N S TA L L TOOLS @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 82. G A U N T LT S H I P W I T H P R E C A N N E D AT TA C K S A N D S T E P S @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 83. B E PA R T O F T H E C I / C D P I P E L I N E @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 84. H A N D L E S T D I N , S T D O U T, A N D E X I T S TAT U S @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 85. G A U N T LT I N U S E @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 86. AT A G A M E D E V S H O P • Check for XSS (cross site scripting) [Arachni] • Check for new login pages [Garmr] • Check for insecure refs in login flows [Garmr] • Extended XSS testing [Custom Arachni] (PR coming soon) @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 87. MENTOR GRAPHICS • Smoke Test integration on environment build • Checks REST services [curl] • Tests for XSS [arachni] • Injection attacks [sqlmap, dirb] • Misconfiguration [dirb] • SSL checks [sslyze] @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 88. AT C A B F O R W A R D • Ruby Dev Shop • Integrated into CI for customers • GITHUB -> TravisCI -> Unit Tests / Integration Tests / Gauntlt @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 89. G I T H U B . C O M / G A U N T LT / G A U N T LT @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 90. $ gem install gauntlt @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 91. ! Given Feature: nmap attacks for example.com Background: Given "nmap" is installed And the following profile: | name | value | | hostname | example.com | ! When Then When Then Scenario: Verify server is open on expected ports When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should contain: """ 80/tcp open http """ Scenario: Verify that there are no unexpected ports open When I launch an "nmap" attack with: """ nmap -F <hostname> """ Then the output should not contain: """ 25/tcp """ @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 92. HANDS ON @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 93. EVERYTHING YOU NEED… http://bit.ly/gauntlt-demo-instructions @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 94. OPTION 1 @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 95. OPTION 1 - CONTINUED @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 96. OPTION 2 @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 97. $ vagrant ssh ! vagrant@precise32:~$ @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 98. $ cd gauntlt-demo @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 99. $ rvm use 1.9.3 @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 100. 04_Hello World with Gauntlt.md $ cd ./examples $ gauntlt ./hello_world/hello_world.attack @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 101. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 102. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 103. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 104. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 105. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 106. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 107. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 108. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 109. $ gauntlt --steps /^"(w+)" is installed in my path$/ /^"arachni" is installed$/ /^"curl" is installed$/ /^"dirb" is installed$/ /^"garmr" is installed$/ /^"nmap" is installed$/ /^"sqlmap" is installed$/ /^"sslyze" is installed$/ /^I launch (?:a|an) "arachni" attack with:$/ /^I launch (?:a|an) "arachni-(.*?)" attack$/ /^I launch (?:a|an) "curl" attack with:$/ /^I launch (?:a|an) "dirb" attack with:$/ /^I launch (?:a|an) "garmr" attack with:$/ /^I launch (?:a|an) "generic" attack with:$/ /^I launch (?:a|an) "nmap" attack with:$/ /^I launch (?:a|an) "nmap-(.*?)" attack$/ /^I launch (?:a|an) "sqlmap" attack with:$/ /^I launch (?:a|an) "sslyze" attack with:$/ /^the "(.*?)" command line binary is installed$/ /^the DIRB_WORDLISTS environment variable is set$/ /^the file "(.*?)" should contain XML:$/ /^the file "(.*?)" should not contain XML:$/ /^the following cookies should be received:$/ /^the following environment variables:$/ /^the following profile:$/ @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 110. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 111. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 112. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 113. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 114. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 115. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 116. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 117. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 118. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 119. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 120. bundle exec gauntlt --format html > out.html @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 121. @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 122. • Google Group > https://groups.google.com/d/forum/gauntlt • Wiki > https://github.com/gauntlt/gauntlt/wiki • IRC > #gauntlt on freenode • Weekly hangout > http://bit.ly/gauntlt-hangout • Issue tracking > http://github.com/gauntlt/gauntlt @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT
  • 123. B E TA I N V I T E T O U D E M Y C L A S S ? E M A I L J A M E S @ G A U N T LT. O R G @ W I C K E T T / / # V E L O C I T Y C O N F / / @ G A U N T LT