Be Mean to Your Code
Posted 19-Oct-2014
Transcript of Be Mean to Your Code
Be Mean to Your Code!
@wickett
Sr. DevOps Engineer, Mentor Graphics, Embedded Software Division
CISSP, GWAPT, CCSK, GSEC, GCFW
ruggeddevops.org
I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
Ruggedization Theory
Building solutions to handle adversity will cause unintended, positive benefits that will provide value that would have been unrealized otherwise.
"Secondly, our network got a lot stronger as a result of the LulzSec attacks." - Surviving Lulz: Behind the Scenes of LulzSec, @SXSW 2012, by the CloudFlare team
Security vs. Rugged
Security:
• Absence of events
• Cost
• Negative
• FUD
• Toxic
Rugged:
• Verification of quality
• Benefit
• Positive
• Known values
• Affirming
“[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK” - MICHAL ZALEWSKI
• REPEATABLE – NO MANUAL STEPS
• RELIABLE – NO DOS HERE
• REVIEWABLE – AKA AUDIT
• RAPID – FAST TO BUILD, DEPLOY, RESTORE
• RESILIENT – AUTOMATED RECONFIGURATION
• REDUCED – LIMITED ATTACK SURFACE
Put your code through the Gauntlet
• w3af
• fuzzers
• nmap
• nessus
• sqlmap
• metasploit
• dirbuster
• custom attacks
Put your code through the Gauntlet
Your web app
• w3af
• fuzzers
• nmap
• nessus
• sqlmap
• metasploit
• dirbuster
• custom attacks
You
GAUNTLT ALLOWS DEV AND OPS AND SECURITY TO COMMUNICATE
    @run
    Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      Background:
        Given nmap is installed

      Scenario: Verify server is available on standard web ports
        Given the hostname in the profile.xml
        When I run nmap against the hostname in the profile on ports 80,443
        Then the output should contain:
          """
          80/tcp open http
          443/tcp open https
          """

feature for nmap: nmap.feature

    @run @webserver
    Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      Background: # optional
        Given nmap is installed

      Scenario: Verify server is available on standard web ports
        Given the hostname in the profile.xml
        When I run nmap against the hostname in the profile on ports 80,443
        Then the output should contain:
          """
          80/tcp open http
          443/tcp open https
          """

feature for nmap: nmap.feature
    # Background step: nmap must be on PATH before any scenario runs.
    Given /^nmap is installed$/ do
      steps %{
        When I run `which nmap`
        Then the output should contain:
        """
        nmap
        """
      }
    end

    # The two captured port numbers are passed through to nmap; the original
    # slide hard-coded -p80,443 here, which silently ignored the ports named
    # in the scenario (for example the 8080,443 run shown below).
    When /^I run nmap against the hostname in the profile on ports (\d+),(\d+)$/ do |port1, port2|
      steps %{
        When I run `nmap "#{@hostname}" -p#{port1},#{port2}`
      }
    end
    ...

step definition for nmap: nmap.rb
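The "Then the output should contain" step above is a plain text match over whatever nmap printed. The following Ruby is an added example, not gauntlt's or aruba's own code: it parses nmap-style port lines into a structure, reimplements the docstring match (whitespace-normalised, line by line, which is a simplification of aruba's substring check), and adds the check a rugged test would actually want: required ports must be open and nothing outside an allow-list may be open (the "REDUCED – LIMITED ATTACK SURFACE" property). The scan output is a constructed sample, not a real scan, and the host name and address are placeholders.

```ruby
# Added example (not part of gauntlt): nmap output checks in the style of a
# gauntlt step definition, runnable offline against a constructed sample.

# Constructed sample of nmap's normal output for a fictional host
# (example.test / 192.0.2.10 are documentation placeholders, not a real scan).
SAMPLE_NMAP_OUTPUT = <<~OUT
  Starting Nmap ( https://nmap.org )
  Nmap scan report for example.test (192.0.2.10)
  Host is up (0.0012s latency).
  PORT     STATE  SERVICE
  22/tcp   closed ssh
  80/tcp   open   http
  443/tcp  open   https
  8080/tcp open   http-proxy

  Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
OUT

# Parse lines of the form "80/tcp   open   http" into
# { 80 => { proto: "tcp", state: "open", service: "http" }, ... }.
# Header, banner and summary lines do not match and are skipped.
def parse_nmap_ports(output)
  ports = {}
  output.each_line do |line|
    m = line.match(%r{^\s*(\d+)/(tcp|udp)\s+(\S+)\s*(\S*)})
    next unless m
    ports[m[1].to_i] = { proto: m[2], state: m[3], service: m[4] }
  end
  ports
end

# Docstring-style check: every non-blank expected line must appear in the
# output. Runs of whitespace are collapsed on both sides so that nmap's
# column alignment ("80/tcp   open   http") still matches "80/tcp open http".
def output_contains?(output, expected_block)
  normalise = ->(s) { s.split.join(" ") }
  have = output.each_line.map(&normalise)
  expected_block.each_line.map(&normalise).reject(&:empty?).all? { |want| have.include?(want) }
end

# Ports the scenario requires to be open but which are not (availability check).
def missing_open_ports(output, required_ports)
  open_ports = parse_nmap_ports(output).select { |_, info| info[:state] == "open" }.keys
  (required_ports - open_ports).sort
end

# Open ports that are not on the allow-list (attack-surface check).
def unexpected_open_ports(output, allowed_ports)
  parse_nmap_ports(output)
    .select { |port, info| info[:state] == "open" && !allowed_ports.include?(port) }
    .keys.sort
end

# A scenario passes only when both checks are clean.
def scenario_passes?(output, required_ports:, allowed_ports:)
  missing_open_ports(output, required_ports).empty? &&
    unexpected_open_ports(output, allowed_ports).empty?
end

if __FILE__ == $0
  puts "docstring match: #{output_contains?(SAMPLE_NMAP_OUTPUT, "80/tcp open http\n443/tcp open https\n")}"
  puts "missing:         #{missing_open_ports(SAMPLE_NMAP_OUTPUT, [80, 443]).inspect}"
  puts "unexpected:      #{unexpected_open_ports(SAMPLE_NMAP_OUTPUT, [80, 443]).inspect}"
  puts "passes (80,443 only): #{scenario_passes?(SAMPLE_NMAP_OUTPUT, required_ports: [80, 443], allowed_ports: [80, 443])}"
end
```

Wired into a step definition, `unexpected_open_ports` is what turns "is port 80 up?" into "is anything up that should not be?": the sample passes the docstring match exactly as the slide's scenario would, yet the stray 8080 listener makes the stricter check fail, which is the kind of finding a gauntlt run is meant to surface before an attacker does.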
    wickett$ gauntlt
    @gauntlet @run
    Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      Background:                                                              # features/nmap/nmap.feature:5
        Given nmap is installed                                                # features/step_definitions/nmap.rb:2

      Scenario: Verify server is available on standard web ports               # features/nmap/nmap.feature:8
        Given the hostname in the profile.xml                                  # features/step_definitions/profile.rb:1
        When I run nmap against the hostname in the profile on ports 8080,443  # features/step_definitions/nmap.rb:12
        Then the output should contain:                                        # aruba-0.4.11/lib/aruba/cucumber.rb:98
          """
          8080/tcp open http
          443/tcp open https
          """
    ...

    Failing Scenarios:
    cucumber features/nmap/nmap.feature:8 # Scenario: Verify server is available on standard web ports

    1 scenario (1 failed)
    4 steps (1 failed, 3 passed)
    0m0.341s

running gauntlt with failing tests
    wickett$ gauntlt
    @gauntlet @run
    Feature: Run nmap against a target and pass the value of the hostname from the profile.xml.

      Background:                                                              # features/nmap/nmap.feature:5
        Given nmap is installed                                                # features/step_definitions/nmap.rb:2

      Scenario: Verify server is available on standard web ports               # features/nmap/nmap.feature:8
        Given the hostname in the profile.xml                                  # features/step_definitions/profile.rb:1
        When I run nmap against the hostname in the profile on ports 80,443    # features/step_definitions/nmap.rb:12
        Then the output should contain:                                        # aruba-0.4.11/lib/aruba/cucumber.rb:98
          """
          80/tcp open http
          443/tcp open https
          """

    1 scenario (1 passed)
    4 steps (4 passed)
    0m1.117s

running gauntlt with passing tests
HTTPS://GITHUB.COM/THEGAUNTLET/GAUNTLT
gauntlt team:
• James Wickett
• Mani Tadayon
• Roy Rapoport
• Jason Chan
• Matt Tesauro
• Tarek Moussa
• Jeremiah Shirk
• Luis De Leon
• Dan Cornell
• Scott Muc
Join Us
• github > http://bit.ly/gauntlt_repo
• google group > http://bit.ly/gauntlt_group
• twitter: @gauntlt