gauntlt rugged by example
DESCRIPTION
Learning Objectives: James gave us our overview of the following points:
1. Why security is dead and rugged is the new currency.
2. Why automating security tests and putting them in your deployment pipelines is where security can add business value.
3. And, learn more about Gauntlt, the open source framework that helps you accomplish the technical side of automating security tests.
TRANSCRIPT
![Page 1: Gauntlt Rugged By Example](https://reader034.vdocuments.site/reader034/viewer/2022050804/546e9b2db4af9fcd268b4709/html5/thumbnails/1.jpg)
Rugged by Example with Gauntlt
@wickett
College Startup
Web Systems Engineer
Media Startup
Web Ops Lead
DevOps
CISSP
CISSP, sounds cool
a brief history of infosec
1337 tools
the worms and viruses didn’t stop
we faced skilled adversaries
we couldn’t win
Instead of Engineering, InfoSec became Actuaries
“[Risk assessment] introduces a dangerous fallacy: that structured inadequacy is almost as good as adequacy and that underfunded security efforts plus risk management are about as good as properly funded security work”
there were other movements
devs became cool
devs became cool agile
the biz sells time now
dev and ops now play nice
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
culture, automation, measurement, sharing (CAMS)
credit to John Willis and Damon Edwards
infosec hasn’t kept pace
Your punch is soft, just like your heart
“Is this Secure?” -Your Customer
“It’s Certified” -You
there’s a better way
6 R’s of Rugged DevOps
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
how does one join rugged devops?
enter gauntlt
gauntlt is like this
gauntlt sits between your app and the tools it wraps: sqlmap, sslyze, dirb, curl, generic and nmap. Whatever those tools print, the run ends in one UNIX exit status, and exit status: 0 means every check passed.
gauntlt credits:
Project Leads: James Wickett, Jeremiah Shirk
Friends: Jason Chan (Netflix), Neil Matatall (Twitter), Mani Tadayon
security tools are confusing
mapping
discovery
exploitation
fuzz, find, inject
security tests on every change
wisdom from a video game
always listen to Doc
Find the weakness of your enemy
Codify your knowledge (cheat sheets)
sometimes, you face the same enemies again
gauntlt is collaboration
Gauntlt helps dev and ops and security to communicate
gauntlt harmonizes our languages
Behavior Driven Development
“BDD is a second-generation, outside–in, pull-based, multiple-stakeholder, multiple-scale, high-automation, agile methodology. It describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters.”
Dan North, 2009
we have to start somewhere
install gauntlt:
$ gem install gauntlt
gauntlt design
Simple
Extensible
UNIX™: stdin, stdout, exit status
Minimum features yield maximum utility
Because the verdict is an ordinary exit status, a deployment pipeline can run gauntlt as one more step and stop the deploy whenever that status is non-zero.
```text
$ gauntlt --list
Defined attacks: curl dirb garmr generic nmap sqlmap sslyze
```
Attack File
Plain Text File
Gherkin syntax: Given, When, Then
```gherkin
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
```
Given (setup), When (attack), Then (assert); a second When and Then make up the second scenario.
running gauntlt with failing tests
```text
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s
```
running gauntlt with passing tests
```text
$ gauntlt
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 passed)
4 steps (4 passed)
0m18.341s
```
```text
$ gauntlt --steps
/^"(\w+)" is installed in my path$/
/^"curl" is installed$/
/^"dirb" is installed$/
/^"garmr" is installed$/
/^"nmap" is installed$/
/^"sqlmap" is installed$/
/^"sslyze" is installed$/
/^I launch a "curl" attack with:$/
/^I launch a "dirb" attack with:$/
/^I launch a "garmr" attack with:$/
/^I launch a "generic" attack with:$/
/^I launch an "nmap" attack with:$/
/^I launch an "sslyze" attack with:$/
/^I launch an? "sqlmap" attack with:$/
/^the "(.*?)" command line binary is installed$/
/^the file "(.*?)" should contain XML:$/
/^the file "(.*?)" should not contain XML:$/
/^the following cookies should be received:$/
/^the following profile:$/
```
The subset of those steps that a generic or sqlmap attack file uses:
```text
$ gauntlt --steps
/^"(\w+)" is installed in my path$/
/^"sqlmap" is installed$/
/^I launch a "generic" attack with:$/
/^I launch an? "sqlmap" attack with:$/
```
Reading the same attack file step by step: the Background holds the setup steps, which verify the tool and set config; the When step is the attack and gets its config from the profile; the Then step is the assert, a needle searched for in the haystack of everything the tool printed.
```gherkin
Feature: nmap attacks for example.com
  # setup steps: verify tool, set config
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    # attack: <hostname> gets its value from the profile (get config)
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # assert: the needle (80/tcp open http) must appear in the haystack (nmap's output)
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # assert: the needle (25/tcp) must be absent from the haystack
    Then the output should not contain:
      """
      25/tcp
      """
```
The needle is matched literally against the tool's stdout, so write it exactly as the tool prints it. nmap, for example, pads its PORT and STATE columns so they line up, and a needle whose spacing does not match the real output fails even when the port is open; likewise a short needle such as `25/tcp` is also a substring of any longer port number ending in 25. Run the tool by hand once, copy the line you want to assert on, and keep the needle as specific as the check needs.
Supported Tools: curl, nmap, sqlmap, sslyze, Garmr, dirb, generic
Netflix Use Case
Real World Cloud Application Security, Jason Chan
https://vimeo.com/54157394
Check your ssl certs
cookie tampering
curl hacking
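What a curl attack file for the cookie-tampering and header checks above looks like, as an added example that is not part of the deck or of gauntlt's own examples. It uses only the step forms shown earlier (`"curl" is installed`, `the following profile:`, `I launch a "curl" attack with:`, `the output should contain:` / `should not contain:`); the hostname, the `/account` and `/login` paths, the `session` cookie name and the `Logged in as` page text are assumptions standing in for your own application.

```gherkin
Feature: curl checks for example.com
  # Added example, not from the original deck or the gauntlt repo.
  # Assumed placeholders: the hostname, the /account and /login paths,
  # the cookie name "session" and the "Logged in as" page text.
  Background:
    Given "curl" is installed
    And the following profile:
      | name     | value               |
      | hostname | https://example.com |

  Scenario: A tampered session cookie does not grant access
    # Present a forged cookie value; the app must bounce us to the login
    # page rather than serve the account page. -s silences progress,
    # -i keeps the response headers so the redirect target is in the
    # output we assert on.
    When I launch a "curl" attack with:
      """
      curl -s -i --cookie "session=not-a-real-session" <hostname>/account
      """
    Then the output should contain:
      """
      /login
      """
    And the output should not contain:
      """
      Logged in as
      """

  Scenario: HTTPS responses carry HSTS
    # Without Strict-Transport-Security a user's first request can be
    # downgraded to plain HTTP. -I fetches headers only; --http1.1 keeps
    # the header names as the server sent them (HTTP/2 lowercases them,
    # which would break a literal needle).
    When I launch a "curl" attack with:
      """
      curl -s -I --http1.1 <hostname>/
      """
    Then the output should contain:
      """
      Strict-Transport-Security
      """

  Scenario: Apache server-status is not reachable from the outside
    # -w prints only the status code, so the needle does not depend on
    # how the status line is formatted.
    When I launch a "curl" attack with:
      """
      curl -s -o /dev/null -w "status=%{http_code}" <hostname>/server-status
      """
    Then the output should not contain:
      """
      status=200
      """
```

Save it next to your other `.attack` files and run `gauntlt`; any failing scenario turns into the non-zero exit status the pipeline gates on.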
Look for common apache misconfigurations
```gherkin
@slow
Feature: Run dirb scan on a URL
  Scenario: Run a dirb scan looking for common vulnerabilities in apache
    Given "dirb" is installed
    And the following profile:
      | name     | value              |
      | hostname | http://example.com |
      | wordlist | vulns/apache.txt   |
    When I launch a "dirb" attack with:
      """
      dirb <hostname> <dirb_wordlists_path>/<wordlist>
      """
    Then the output should contain:
      """
      FOUND: 0
      """
```
The entries in dirb's vulns/apache.txt wordlist, as shown on the slide:
.htaccess, .htpasswd, .meta, .web, access_log, cgi, cgi-bin, cgi-pub, cgi-script, dummy, error, error_log, htdocs, httpd, httpd.pid, icons, server-info, server-status, logs, manual, printenv, test-cgi, tmp, ~bin, ~ftp, ~nobody, ~root
I have my weakness. But I won't tell you! Ha Ha Ha!
Test for SQL Injection
```gherkin
@slow @announce
Feature: Run sqlmap against a target
  Scenario: Identify SQL injection vulnerabilities
    Given "sqlmap" is installed
    And the following profile:
      | name       | value                  |
      | target_url | http://example.com?x=1 |
    When I launch a "sqlmap" attack with:
      """
      python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
      """
```
As shown on the slide the scenario ends at the When step, so it runs sqlmap (`--batch` keeps it from prompting, which matters in a pipeline) but asserts nothing. To make it a test, add a Then step whose needle is taken from sqlmap's own output for the case you want to catch.
my_first.attack
See ‘GET STARTED’ on project repo
Start here > https://github.com/gauntlt/gauntlt/tree/master/examples
Find examples for the attacks
Add your config (hostname, login url, user)
Repeat
Starter Kit on GitHub
The starter kit is on GitHub: github.com/gauntlt/gauntlt-starter-kit
Or, download a copy from: www.gauntlt.org/
@gauntlt
future plans
Next Features
More output parsers
More attack adapters
JRuby & Java Support
Front end UI / web reports
Add feature requests here: https://github.com/gauntlt/gauntlt/issues
Contribute to gauntlt
See ‘FOR DEVELOPERS’ in the README
Get started in 7 steps
If you get stuck
Check the README
IRC Channel: #gauntlt on freenode
@gauntlt on twitter
Mailing List (https://groups.google.com/forum/#!forum/gauntlt)
Office hours with weekly google hangout
get started with gauntlt
github/gauntlt (start here)
gauntlt.org: videos, tutorials (cool vids!)
google group, @gauntlt, IRC #gauntlt (we help!)