
Be Mean to Your Code - DevOps Days Austin 2013


presented at DevOps Days Austin 2013



  1. Be Mean to Your Code with Gauntlt
  2. free phone calls
  3. 1337 tools
  4. “[Risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work” - Michal Zalewski
  5. “Is this Secure?” - Your Customer. “It’s Certified” - You
  6. there’s a better way
  7. Put your code through the Gauntlet (diagram: Your apps → sslyze, dirb, nmap, curl, sqlmap, Garmr, generic → You)
  8. security tools are confusing
  9. Gauntlt allows dev and ops and security to communicate
  10. install gauntlt: `$ gem install gauntlt`
  11. An attack file, annotated with its Given / When / Then / When / Then steps:

      ```gherkin
      Feature: nmap attacks for example.com
      Background:
        Given "nmap" is installed
        And the following profile:
          | name           | value        |
          | hostname       | example.com  |
          | tcp_ping_ports | 22,25,80,443 |
      Scenario: Verify server is open on expected ports
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should contain:
          """
          80/tcp open https
          """
      Scenario: Verify that there are no unexpected ports open
        When I launch an "nmap" attack with:
          """
          nmap -F <hostname>
          """
        Then the output should not contain:
          """
          25/tcp
          """
      ```
  12. running gauntlt with failing tests:

      ```
      $ gauntlt
      Feature: nmap attacks for example.com
      Background:
        Given "nmap" is installed
        And the following profile:
          | name           | value        |
          | hostname       | example.com  |
          | tcp_ping_ports | 22,25,80,443 |
      Scenario: Verify server is open on expected ports
        When I launch an "nmap" attack with:
          """
          nmap -F www.example.com
          """
        Then the output should contain:
          """
          443/tcp open https
          """

      1 scenario (1 failed)
      5 steps (1 failed, 4 passed)
      0m18.341s
      ```
  13. running gauntlt with passing tests: the same `$ gauntlt` run as slide 12, ending with

      ```
      1 scenario (1 passed)
      5 steps (5 passed)
      0m18.341s
      ```
  14. The attack file from slide 11 again, annotated: setup steps, verify toolset, config (the Background section: `Given "nmap" is installed` and the profile table).
  15. The attack file from slide 11 again, annotated: attack, get config (the When step launches the tool, with `<hostname>` filled in from the profile).
  16. The attack file from slide 11 again, annotated: assert, needle, haystack (the Then step looks for the expected text, the needle, in the tool output, the haystack).
  17. Supported Tools: curl, nmap, sslyze, Garmr, dirb, generic
  18. get started with gauntlt: github/gauntlt, gauntlt.org, videos, tutorials, @gauntlt, IRC #gauntlt (callouts: start here, cool vids!, we help!)
  19. be mean to your code and win! slideshare.com/wickett
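As an added illustration of the attack-file structure the slides annotate (setup from the profile table, the attack command with `<hostname>` taken from config, and the needle/haystack assertion), here is a small Ruby interpreter for that shape, run against constructed nmap output rather than a live scan. This is example code, not Gauntlt's own implementation; the `FEATURE`, `FAKE_OUTPUT`, `parse_profile`, `parse_scenarios` and `run_feature` names are assumptions made for the example, and the positive needle is changed to `443/tcp open https` to match the constructed output.

```ruby
# Constructed attack file in the shape the slides show (example input, not from the deck).
FEATURE = <<~GHERKIN
  Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |
  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      443/tcp open https
      """
  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
GHERKIN
# Stand-in launcher: command => constructed nmap output, so nothing is actually scanned.
FAKE_OUTPUT = { "nmap -F example.com" => "22/tcp open ssh\n443/tcp open https\n" }
# Setup step: profile table rows -> {"hostname" => "example.com"}, header row dropped.
def parse_profile(text)
  text.scan(/^\s*\|\s*(\w+)\s*\|\s*([^|]+?)\s*\|/).reject { |k, _| k == "name" }.to_h
end
# Attack step: the first docstring of a scenario is the command, the second is the needle.
def parse_scenarios(text)
  text.split(/^\s*Scenario:/).drop(1).map do |body|
    cmd, needle = body.scan(/"""\s*(.*?)\s*"""/m).flatten
    { name: body.lines.first.strip, command: cmd, needle: needle, negate: body.include?("should not contain") }
  end
end
# Assert step: fill <key> from config, "launch" the attack, then look for the needle in the haystack.
# Returns [[scenario name, passed?], ...]; an unknown command raises KeyError (tool not runnable).
def run_feature(text, launcher = FAKE_OUTPUT)
  profile = parse_profile(text)
  parse_scenarios(text).map do |s|
    cmd = s[:command].gsub(/<(\w+)>/) { profile.fetch($1) }
    found = launcher.fetch(cmd).include?(s[:needle])
    [s[:name], s[:negate] ? !found : found]
  end
end
```

Swapping `FAKE_OUTPUT` for output that lists `25/tcp` makes the second scenario fail while the first still passes, which is the "should not contain" check doing its job.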
