This is a hands-on workshop for working with Gauntlt. The first half is philosophy, theory and social commentary. The second half is the hands-on workshop.
There are two options for working through the workshop. The recommended way is to use the VirtualBox image, as there are a couple of security tools (arachni, nmap, ...) that we will be using. It is not required, though: you can just clone the repo if you have Ruby 1.9.3 and bundler.
If you want to use the Vagrant box setup for the workshop, please follow the instructions in 02_Using Vagrant Box.md; if you want to use your own box, follow the directions in 03_Using Repo Only.md.
This has been tested to work on Linux and OS X. You can follow along using the instructions at https://gist.github.com/wickett/25d90a462706639446cc
Be Mean to Your Code with Gauntlt and the Rugged Way // Velocity EU 2013 Workshop
1. BE MEAN TO YOUR CODE WITH GAUNTLT AND THE RUGGED WAY
JAMES WICKETT // @WICKETT
@WICKETT // #VELOCITYCONF // @GAUNTLT
2. @WICKETT
• Austin, TX
• Gauntlt Core Team
• LASCON Founder
• Cloud Austin Organizer
• DevOps Days Austin Organizer
• DevOps, Ruby, AppSec, Chef, Cucumber, Gauntlt
3. REQUIREMENTS
OPTION 1
• Virtual Box
• Vagrant
• Gauntlt Box (pre-downloaded)
OR
OPTION 2
• Ruby 1.9.3
• Git
• Bundler
• Reliable Internet
19. WE HAVE A PEOPLE PROBLEM
20. THE RATIO PROBLEM
21. DEV : OPS : SECURITY
100:10:1
22. LANGUAGE GAP
23. SECURITY DOESN'T ALWAYS SPEAK THE LANGUAGE OF THE BIZ / DEV / OPS TEAMS
33. SIGNS THAT SECURITY IS MOVING INTO A NEW ERA
34. ANALYTICS, MONITORS, LOGS, TELEMETRY, TESTING, CONFIG MANAGEMENT
35. ATTACK CHAINS AND SIGNALS
http://www.youtube.com/watch?v=jQblKuMuS0Y
36. VULNERABILITY EXPLOITATION IS A TIMELINE
38. SQL SYNTAX ERRORS
DB TABLE NAMES
LARGE RESPONSE SIZES
39. INSTRUMENT FULL ATTACK CHAINS AND WATCH FOR SIGNALS
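The three signals on slide 38 turned into detection logic and correlated per source, as an added example that is not code from the talk or from Gauntlt. The log line format, the signal patterns, the table-name list and the "two distinct signals from one source" threshold are all assumptions; the log lines are constructed.

```ruby
# Added example (not from the slides or Gauntlt): flag the attack-chain signals
# named on the slide in application log lines and correlate them per source.
# Assumed log format (constructed): ip "request" status bytes "db_error"
LOG_RE = /\A(?<ip>\S+) "(?<req>[^"]*)" (?<status>\d{3}) (?<bytes>\d+) "(?<err>[^"]*)"\z/

SQL_ERROR_RE = /SQL syntax|syntax error at or near|ORA-\d{5}/i
# Table names an app should never echo to a client (constructed list; use your schema).
TABLE_NAME_RE = /\b(?:users|accounts|sessions|credentials)\b/i
LARGE_RESPONSE_BYTES = 500_000

# Returns the list of signals a single log line exhibits.
def signals_for(line)
  m = LOG_RE.match(line) or return []
  signals = []
  signals << :sql_error      if m[:err] =~ SQL_ERROR_RE
  signals << :table_name     if m[:err] =~ TABLE_NAME_RE
  signals << :large_response if m[:bytes].to_i > LARGE_RESPONSE_BYTES
  signals
end

# Correlate signals per source IP: two distinct signals from one source is
# treated as a chain in progress rather than a single noisy error.
def chain_alerts(lines)
  by_ip = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    m = LOG_RE.match(line) or next
    by_ip[m[:ip]].concat(signals_for(line))
  end
  by_ip.select { |_ip, signals| signals.uniq.size >= 2 }
end

# Constructed sample log lines.
LOG_LINES = [
  %q(203.0.113.5 "GET /item?id=1" 200 1200 ""),
  %q(203.0.113.5 "GET /item?id=1'" 500 800 "You have an error in your SQL syntax"),
  %q(203.0.113.5 "GET /item?id=2" 500 900 "Table 'app.users' doesn't exist"),
  %q(198.51.100.9 "GET /export" 200 900000 ""),
].freeze

if __FILE__ == $PROGRAM_NAME
  chain_alerts(LOG_LINES).each { |ip, s| puts "#{ip}: #{s.uniq.join(', ')}" }
end
```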
40. RUGGED
48. GAUNTLT IS AN OPINIONATED FRAMEWORK TO DO RUGGED TESTING
49. GAUNTLT = SECURITY + CUCUMBER
http://www.flickr.com/photos/35231744@N00/286858571/
67. GARMR / NMAP / ARACHNI / SQLMAP (diagram: attack tools surrounding CODE)
69. BUT WHAT ABOUT THE PEOPLE
70. CONVERSATION AND COLLABORATION IS THE CORE OF GAUNTLT
71. DEV / OPS / SECURITY (diagram: the three meeting around *.attack files)
• Execution Knowledge
• Testing Logic Captured
• Repeatable
72. GAUNTLT IN ACTION
76. Attack Step: Given
Setup steps: check resource available
Given "arachni" is installed
77. Attack Step: When
Action steps
When I launch an "arachni-xss" attack
78. Attack Step: Then
Parsing steps
Then the output should not contain "fail"
79. GAUNTLT PHILOSOPHY
80. RUN SECURITY TOOLS IN A REPEATABLE, EASY TO READ WAY
81. GAUNTLT DOES NOT INSTALL TOOLS
82. GAUNTLT SHIPS WITH PRE-CANNED ATTACKS AND STEPS
83. BE PART OF THE CI/CD PIPELINE
84. HANDLE STDIN, STDOUT, AND EXIT STATUS
85. GAUNTLT IN USE
86. AT A GAME DEV SHOP
• Check for XSS (cross site scripting) [Arachni]
• Check for new login pages [Garmr]
• Check for insecure refs in login flows [Garmr]
• Extended XSS testing [Custom Arachni] (PR coming soon)
87. MENTOR GRAPHICS
• Smoke Test integration on environment build
• Checks REST services [curl]
• Tests for XSS [arachni]
• Injection attacks [sqlmap, dirb]
• Misconfiguration [dirb]
• SSL checks [sslyze]
88. AT CAB FORWARD
• Ruby Dev Shop
• Integrated into CI for customers
• GITHUB -> TravisCI -> Unit Tests / Integration Tests / Gauntlt
89. GITHUB.COM/GAUNTLT/GAUNTLT
90. $ gem install gauntlt
91.
Feature: nmap attacks for example.com
  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
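The Given/When/Then anatomy from slides 76 to 78 and the nmap scenario above, modelled in Ruby as an added example that is not Gauntlt's own implementation: a tool-on-PATH check, a launch step that fills the profile placeholder and captures stdout, stderr and exit status, and contain/not-contain checks that produce the exit status a CI pipeline acts on. The echo command and the nmap-style sample output are constructed stand-ins so the block runs without nmap or a target host.

```ruby
# Added example (not Gauntlt's own code): a minimal model of how a .attack
# scenario turns a tool's output and exit status into a CI verdict.
require 'open3'

# Given "nmap" is installed: look for an executable of that name on PATH.
def tool_installed?(name)
  ENV.fetch('PATH', '').split(File::PATH_SEPARATOR).any? do |dir|
    path = File.join(dir, name)
    File.file?(path) && File.executable?(path)
  end
end

# When I launch an "nmap" attack with: fill <hostname>-style placeholders from
# the profile table, run the command, keep stdout, stderr and exit status.
def launch(command, profile)
  cmd = command.gsub(/<(\w+)>/) { profile.fetch(Regexp.last_match(1)) }
  out, err, status = Open3.capture3(cmd)
  { output: out + err, exit_status: status.exitstatus }
end

# Then the output should (not) contain: each expectation is [:contain, text]
# or [:not_contain, text]. Returns the expectations that failed.
def evaluate(result, expectations)
  expectations.reject do |kind, text|
    present = result[:output].include?(text)
    kind == :contain ? present : !present
  end
end

# The exit status handed back to CI: 0 only when every expectation holds.
def scenario_exit_status(result, expectations)
  evaluate(result, expectations).empty? ? 0 : 1
end

# Constructed nmap-style output standing in for a real scan, and the two
# expectations from the scenarios above.
SAMPLE_OUTPUT = "Nmap scan report for example.com\n80/tcp open http\n443/tcp open https\n"
EXPECTATIONS  = [[:contain, '80/tcp open http'], [:not_contain, '25/tcp']]

if __FILE__ == $PROGRAM_NAME
  # Stand-in for nmap: echo pretends to be the scanner so this runs offline.
  result = launch("echo 'scan of <hostname>: 80/tcp open http'", 'hostname' => 'example.com')
  puts "exit #{scenario_exit_status(result, EXPECTATIONS)}: #{result[:output]}"
end
```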
92. HANDS ON
98. $ cd gauntlt-demo
99. $ rvm use 1.9.3
100. 04_Hello World with Gauntlt.md
$ cd ./examples
$ gauntlt ./hello_world/hello_world.attack
109. $ gauntlt --steps
/^"(\w+)" is installed in my path$/
/^"arachni" is installed$/
/^"curl" is installed$/
/^"dirb" is installed$/
/^"garmr" is installed$/
/^"nmap" is installed$/
/^"sqlmap" is installed$/
/^"sslyze" is installed$/
/^I launch (?:a|an) "arachni" attack with:$/
/^I launch (?:a|an) "arachni-(.*?)" attack$/
/^I launch (?:a|an) "curl" attack with:$/
/^I launch (?:a|an) "dirb" attack with:$/
/^I launch (?:a|an) "garmr" attack with:$/
/^I launch (?:a|an) "generic" attack with:$/
/^I launch (?:a|an) "nmap" attack with:$/
/^I launch (?:a|an) "nmap-(.*?)" attack$/
/^I launch (?:a|an) "sqlmap" attack with:$/
/^I launch (?:a|an) "sslyze" attack with:$/
/^the "(.*?)" command line binary is installed$/
/^the DIRB_WORDLISTS environment variable is set$/
/^the file "(.*?)" should contain XML:$/
/^the file "(.*?)" should not contain XML:$/
/^the following cookies should be received:$/
/^the following environment variables:$/
/^the following profile:$/
120. bundle exec gauntlt --format html > out.html
122. • Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• IRC > #gauntlt on freenode
• Weekly hangout > http://bit.ly/gauntlt-hangout
• Issue tracking > http://github.com/gauntlt/gauntlt
123. BETA INVITE TO UDEMY CLASS? EMAIL JAMES@GAUNTLT.ORG