Put your code through the Gauntlet
gauntlet, n. an attack from all sides
Your web app, You
custom attacks, dirbuster, metasploit, sqlmap, fuzzers, nessus, w3af, ...
Gauntlet is
an always-attacking environment for developers
with attacks written in easy-to-read language
accessible to everyone involved in dev, ops, security, ...
Gauntlet includes
Why Gauntlet? Security domain knowledge is generally a mystery to dev teams
Gauntlet allows dev and ops and security to communicate and collaborate
Gauntlet joins: The Philosophy of Rugged Software & Principles of Behavior Driven Development
You are now commissioned as a contributor to Gauntlet
Here is your badge
RUGGED (source: Jessica Allen, http://drbl.in/bgwy)
github.com/wickett/gauntlet
Ideas to build
nmap to check ports
crawl site and search for passwords in text (assume fuzzing)
badness with LOIC, slowloris, wget, curl
Include recon, scanning, fuzzing, injecting, load
multi-vector attacks: timing + load, fail open, ...
these are just ideas, use your imagination
let's build some tests!
github.com/wickett/gauntlet
Gauntlet Kickoff at Austin OWASP Hackathon
Gauntlet is the new open source tool to put rugged principles in the dev cycle. The project is just getting kicked off and we are looking for contributors.

Published in: Technology, News & Politics