gauntlt: go ahead, be mean to your code
DESCRIPTION
5 Minute Talk at Austin Cloud User Group on gauntlt. See http://gauntlt.org
TRANSCRIPT
Gauntlt: Go Ahead, Be Mean to Your Code
Tuesday, December 18, 12
Would you vote for this talk as the best if...?
A. If it's funny
B. If it's useful to my job
C. Dude, I know you want to win the iPad, you are down to 4 min and 37 seconds, stop surveying and start talking!
@wickett
Sr. DevOps Engineer
Mentor Graphics, Embedded Software Division
CISSP, GWAPT, CCSK, GSEC, GCFW
gauntlt.org
A BRIEF HISTORY OF INFOSEC
WE HAD CINEMA
WE MADE FREE PHONE CALLS
WE WERE COOL
WE COULDN’T STOP THE VIRUSES AND WORMS
INSTEAD OF ENGINEERING, INFOSEC BECAME ACTUARIES
“[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK” - MICHAL ZALEWSKI
“IS THIS SECURE?” - YOUR CUSTOMER
“IT’S CERTIFIED” - YOU
NO PAIN, NO GAIN
Put your code through the Gauntlet
[Diagram labels: You; Your web app; sslyze, fuzzers, nmap, curl, sqlmap, garmr, w3af, generic]
GAUNTLT ALLOWS DEV AND OPS AND SECURITY TO COMMUNICATE
install gauntlt

$ gem install gauntlt
# download example attacks from github
# customize the example attacks
# now you can run gauntlt
$ gauntlt
# gauntlt looks for *.attack in its
# directory

Examples > https://github.com/thegauntlet/gauntlt/tree/master/examples
nmap.attack

@slow
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name           | value        |
      | hostname       | example.com  |
      | tcp_ping_ports | 22,25,80,443 |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open https
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
running gauntlt with failing tests

wickett$ gauntlt
@slow
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name           | value        |
      | hostname       | example.com  |
      | tcp_ping_ports | 22,25,80,443 |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s
running gauntlt with passing tests

wickett$ gauntlt
@slow
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name           | value        |
      | hostname       | example.com  |
      | tcp_ping_ports | 22,25,80,443 |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 passed)
5 steps (5 passed)
0m18.341s
Feature: Run sqlmap against a target
  Scenario: Identify SQL injection vulnerabilities
    Given "sqlmap" is installed
    And the target URL is "http://localhost?id=1"
    When I launch a "sqlmap" attack with:
      """
      python <sqlmap_path> -u <target_url>
      """
    Then the output should contain:
      """
      sqlmap identified the following injection points
      """

[Slide callouts, added one per build step: setup steps, verify tool, set config; attack!, env param, get config; assert, needle, haystack]
# Setup step: check that the sqlmap script is available
Given /^"sqlmap" is installed$/ do
  ensure_python_script_installed('sqlmap')
end

# Attack step: fill the placeholders in the attack text, then run the command
When /^I launch an? "sqlmap" attack with:$/ do |command|
  sqlmap_path = path_to_python_script("sqlmap")

  command.gsub!('<target_url>', target_url)
  command.gsub!('<sqlmap_path>', sqlmap_path)
  run command
end

[Slide callouts, added one per build step: step definition, ruby, execute]
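The launch-and-assert cycle the slides annotate (profile values filled into the command, tool output as the haystack, expected text as the needle), as an added Ruby sketch that is not gauntlt's own code. The names expand, squeeze, run_scenario and FAKE_RUNNER are hypothetical, the nmap output is constructed, and shell-escaping the substituted values and collapsing whitespace are choices of this sketch rather than behaviour shown on the slides.

```ruby
require "shellwords"

# Constructed sample of `nmap -F` output (not from a real scan).
SAMPLE_NMAP_OUTPUT = <<~OUT
  Nmap scan report for example.com (192.0.2.10)
  PORT    STATE SERVICE
  22/tcp  open  ssh
  80/tcp  open  http
  443/tcp open  https
OUT

# Replace each <name> placeholder with its shell-escaped profile value.
# An unknown placeholder raises instead of reaching the shell unexpanded.
def expand(template, profile)
  template.gsub(/<(\w+)>/) do
    name = Regexp.last_match(1)
    raise KeyError, "no profile value for <#{name}>" unless profile.key?(name)
    Shellwords.escape(profile[name])
  end
end

# Collapse runs of spaces and tabs so that column padding in tool output
# does not decide whether a needle matches (an assumption of this sketch).
def squeeze(text)
  text.gsub(/[ \t]+/, " ")
end

# Run one scenario: expand the command, get the haystack from `runner`,
# then check every needle. Returns [passed?, failure messages].
def run_scenario(template, profile, runner:, contain: [], not_contain: [])
  haystack = squeeze(runner.call(expand(template, profile)))
  failures = []
  contain.each     { |n| failures << "missing: #{n}" unless haystack.include?(squeeze(n)) }
  not_contain.each { |n| failures << "unexpected: #{n}" if haystack.include?(squeeze(n)) }
  [failures.empty?, failures]
end

PROFILE = { "hostname" => "example.com" }.freeze
FAKE_RUNNER = ->(_cmd) { SAMPLE_NMAP_OUTPUT } # stands in for executing nmap

if __FILE__ == $PROGRAM_NAME
  ok, why = run_scenario("nmap -F <hostname>", PROFILE, runner: FAKE_RUNNER,
                         contain: ["443/tcp open https"], not_contain: ["25/tcp"])
  puts ok ? "1 scenario (1 passed)" : "1 scenario (1 failed): #{why.join(', ')}"
end
```

A plain substring needle such as 25/tcp also matches longer port numbers ending in 25, so anchor needles to the start of a line when that matters.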
Supported Tools
• curl
• nmap
• sslyze
• sqlmap
• Garmr
• generic command line
Try it yourself at http://gauntlt.org/
with the new gauntlt video tutorial!