Run your code through the Gauntlt

Presented at DevOps Days Silicon Valley 2013. Gauntlt is a rugged testing framework to integrate security testing into your process. It was spawned out of the Rugged DevOps movement.


  1. Run your code through the Gauntlt
  2. We faced skilled adversaries
  3. We couldn't win
  4. Instead of engineering, InfoSec became actuaries
  5. "It's Certified" - You
  6. Your punch is soft, just like your heart
  7. Enter Rugged DevOps. Enter gauntlt: philosophy and tooling
  8. Install gauntlt:

         $ gem install gauntlt

  9. gauntlt is like this
  10. (diagram) sqlmap, sslyze, dirb, curl, generic, nmap -> your app -> gauntlt -> exit status: 0
  11. Codify your knowledge (cheat sheets)
  12. Security testing on every commit
  13. gauntlt promotes collaboration
  14. Running gauntlt with failing tests (slide callouts mark the Given / When / Then steps):

         $ gauntlt
         Feature: nmap attacks for example.com
           Background:
             Given "nmap" is installed
             And the following profile:
               | name     | value       |
               | hostname | example.com |
           Scenario: Verify server is open on expected ports
             When I launch an "nmap" attack with:
               """
               nmap -F www.example.com
               """
             Then the output should contain:
               """
               443/tcp open https
               """
         1 scenario (1 failed)
         5 steps (1 failed, 4 passed)
         0m18.341s

  15. Running gauntlt with passing tests:

         $ gauntlt
         Feature: nmap attacks for example.com
           Background:
             Given "nmap" is installed
             And the following profile:
               | name     | value       |
               | hostname | example.com |
           Scenario: Verify server is open on expected ports
             When I launch an "nmap" attack with:
               """
               nmap -F www.example.com
               """
             Then the output should contain:
               """
               443/tcp open https
               """
         1 scenario (1 passed)
         4 steps (4 passed)
         0m18.341s

  16. A dirb attack file, with the wordlist it references:

         @slow
         Feature: Run dirb scan on a URL
           Scenario: Run a dirb scan looking for common vulnerabilities in apache
             Given "dirb" is installed
             And the following profile:
               | name     | value              |
               | hostname | http://example.com |
               | wordlist | vulns/apache.txt   |
             When I launch a "dirb" attack with:
               """
               dirb <hostname> <dirb_wordlists_path>/<wordlist>
               """
             Then the output should contain:
               """
               FOUND: 0
               """

      Contents of vulns/apache.txt: .htaccess, .htpasswd, .meta, .web, access_log, cgi, cgi-bin, cgi-pub, cgi-script, dummy, error, error_log, htdocs, httpd, httpd.pid, icons, server-info, server-status, logs, manual, printenv, test-cgi, tmp, ~bin, ~ftp, ~nobody, ~root

  17. gauntlt credits. Creators: Mani Tadayon, James Wickett. Community Wrangler: Jeremiah Shirk. Friends: Jason Chan (Netflix), Neil Matatall (Twitter)
  18. my_first.attack: start with the gauntlt.org tutorial; add your config (hostname, login url, user); use examples from github; repeat. #gauntlt on freenode, @gauntlt on twitter
  19. @wickett, james@gauntlt.org. Be Mean to Your Code!
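A complete attack file in the style of slides 14 to 16, written here as an added example rather than taken from the deck or the Gauntlt project. It assumes the www.example.com hostname used on the slides and the `<hostname>` profile substitution shown on the dirb slide, and pairs the positive port check with a negative one so the same run also flags a service that should never be exposed.

```gherkin
@slow
Feature: Port exposure checks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value           |
      | hostname | www.example.com |

  Scenario: Verify only the expected web ports are reachable
    # <hostname> is filled in from the profile table above (assumed value),
    # so the same attack file can point at staging or production unchanged.
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # nmap pads the STATE column, so "open" is followed by two spaces.
    Then the output should contain:
      """
      443/tcp open  https
      """
    # A fast scan covers port 23; its absence from the output is the control.
    And the output should not contain:
      """
      23/tcp open  telnet
      """
```

Run it with `gauntlt ports.attack`: the exit status is 0 only when every scenario passes, which is what a per-commit CI step keys on.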
