Title: Gauntlt: Rugged by Example

Abstract

"Be Mean to Your Code" is the concept behind the ruggedization framework called Gauntlt (pronounced like gauntlet), which aims to bring the benefits of Behaviour Driven Development to the realms of automated security testing, application hardening and ruggedization. Gauntlt is an open source ruggedization framework built on Cucumber and written in Ruby. Gauntlt has been developed in collaboration with Netflix to fulfill the role of the "Security Monkey" in their Simian Army, most popularly known for the Chaos Monkey.

Gauntlt is meant to be used by security experts with an interest in automation as well as developers with an interest in security. It can be used to deliver the results of a security audit or penetration test as failing Gauntlt attacks (tests), which can in turn be added to the continuous delivery test suite. Developers know they have resolved a particular vulnerability when Gauntlt no longer reports a failure, and the same attacks serve as regression tests that detect when a previously resolved vulnerability has been re-introduced.
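To make the workflow concrete, here is an added illustration of what a Gauntlt attack file looks like; it is not code from the talk or from the Gauntlt project itself. It uses the Cucumber step syntax that Gauntlt's own examples use (`Given "curl" is installed`, `the following profile:`, `I launch a "curl" attack with:`, `the output should contain`), and the hostname in the profile is a constructed placeholder, not a real system:

```gherkin
# Added example of a Gauntlt attack file (e.g. security_headers.attack).
# It asserts that the application answers with two hardening headers;
# the hostname below is a constructed placeholder, not a real host.
@slow
Feature: Verify the application sends HSTS and clickjacking protection headers

  Background:
    Given "curl" is installed
    And the following profile:
      | name     | value                    |
      | hostname | https://app.example.test |

  Scenario: The response carries the expected security headers
    # -I fetches only the response headers; <hostname> is substituted from the profile
    When I launch a "curl" attack with:
      """
      curl -sS -I <hostname>
      """
    # Each missing header makes the attack fail, which is the signal developers act on
    Then the output should contain "Strict-Transport-Security"
    And the output should contain "X-Frame-Options"
```

Checked into the application's repository and run with the `gauntlt` command in the delivery pipeline, this attack fails until the application sends both headers and keeps failing if a later change drops them, which is exactly the failing-attack-as-regression-test loop the abstract describes.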

The creators of Gauntlt, James Wickett, Mani Tadayon and Roy Rapoport, will talk about the history of the project, the current roadmap and the security testing tools planned for addition to Gauntlt. As part of this talk we will do a hands-on demo in which we walk the audience through getting started with Gauntlt's pre-built attacks and then move on to writing their own Gauntlt attacks. Come find out how to start being "rugged by example" and how to get started with Gauntlt.

Note: Jeremiah Shirk is filling in for Roy Rapoport.

Gauntlt is MIT Licensed and hosted on github at github.com/thegauntlet/gauntlt.
*****

Speakers

Jeremiah Shirk, Integration & Infrastructure Manager, Kansas State University

Jeremiah is the Integration & Infrastructure Manager for Kansas State University. He is working to evangelize security as an integral component of all phases of the software life cycle, from design, development, and testing, through to delivery, operations, and user interaction. He has been active in computer and network security since 2000, starting out in the trenches of firewall administration, malware research, and penetration testing. His current interests include data visualization, growing the DevOps community, and building reliable systems through infrastructure-as-code. Ask him about his ducks.

Mani Tadayon, Senior Software Engineer, ZestFinance

I love programming and am now learning Clojure, Lisp and Emacs. Since 2001, I've worked in web development, constantly updating my skills to keep up with new technologies, moving from .NET to PHP to Ruby and beyond. At the same time, I've discovered the importance of strong foundations and continue to re-learn C, HTML and JavaScript. My educational background is broad: a bachelor's in Chinese, Japanese & German from UC Berkeley and a second bachelor's in Computer Science (with a minor in Math) from CSU Hayward. Currently, I am a graduate student in Geography at CSU Northridge. My current interests are in functional programming, logic and philosophy. I hope to pursue academic research in these fields alongside my career as a programmer. I took a small step down that path with my recently published paper on the philosophy of AVP: Alien vs. Predator.

James Wickett, Senior DevOps Engineer, Mentor Graphics

James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at the University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. As a Senior DevOps Engineer, James is working on launching cloud-based products for the Embedded Software Division of Mentor Graphics.

James is a dynamic speaker on topics in cloud computing, cloud security and Rugged DevOps. He is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, TX. He holds the following security certifications: CISSP, GWAPT, GCFW, GSEC and CCSK.

*****
Date: Thursday October 25, 2012 10:00am - 10:45am
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel. Gluu Room
Track: Rugged DevOps

Video: vimeo.com/54250714

OWASP AppSec USA 2012 Conference


These videos are from the 2012 AppSec USA conference from the Open Web Application Security Project in Austin, TX.
