Title: Gauntlt: Rugged by Example
"Be Mean to Your Code" is the concept behind the ruggedization framework called Gauntlt (pronounced like gauntlet) which aims to bring the benefits of Behaviour Driven Development to the realms of automated security testing, application hardening and ruggedization. Gauntlt is an open source ruggedization framework using cucumber and written in ruby. Gauntlt has been developed in collaboration with Netflix to fulfill the role of the "Security Monkey" in their Simian Army--most popularly known for the Chaos Monkey.
Gauntlt is meant to be used by security experts with interest in automation as well as developers with interest in security. It can be used to deliver the results of a security audit or penetration test via failing gauntlt attacks (tests) which can in turn be added to the continuous delivery test suite. Developers know when they have resolved a particular vulnerability when gauntlt no longer reports a failure. Gauntlt can be used in regression tests to detect when a previously resolved vulnerability has been re-introduced.
The creators of Gauntlt, James Wickett, Mani Tadayon and Roy Rapoport, will talk about the history of the project, current roadmap and the planned security testing tools being added to Gauntlt. As part of this talk we will do a hands on demo where we will walk the audience through getting started using gauntlt pre-built attacks and then move to writing their own gauntlt attacks. Come find out how to start being "rugged by example" and how to get started with Gauntlt.
Note: Jeremiah Shirk is filling in for Roy Rapoport.
Gauntlt is MIT Licensed and hosted on github at github.com/thegauntlet/gauntlt.
Jeremiah Shirk, Integration & Infrastructure Manager, Kansas State University
Jeremiah is the Integration & Infrastructure Manager for Kansas State University. He is working to evangelize security as an integral component of all phases of the software life cycle, from design, development, and testing, through to delivery, operations, and user interaction. He has been active in computer and network security since 2000, starting out in the trenches of firewall administration, malware research, and penetration testing. His current interests include data visualization, growing the DevOps community, and building reliable systems through infrastructure-as-code. Ask him about his ducks.
Mani Tadayon, Senior Software Engineer, ZestFinance
James Wickett, Senior DevOps Engineer, Mentor Graphics
James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. As a Senior DevOps Engineer, James is working on launching cloud based-products for the Embedded Software Division of Mentor Graphics.
James is a dynamic speaker on topics in cloud computing, cloud security and Rugged DevOps. He is the creator and founder of the Lonestar Application Security Conference which is the largest annual security conference in Austin, TX. He holds the following security certifications: CISSP, GWAPT, GCFW, GSEC and CCSK.
Date:Thursday October 25, 2012 10:00am - 10:45am
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel. Gluu Room
Track: Rugged DevOps