From https://www.ruggedsoftware.org/
HTTPS://WWW.OWASP.ORG/INDEX.PHP/TESTING_GUIDE_INTRODUCTION#DERIVING_SECURITY_TEST_REQUIREMENTS
From http://www.testingexcellence.com/top-10-negative-test-cases/
HTTPS://BLOGS.ADOBE.COM/SECURITY/2014/07/OVERVIEW-OF-BEHAVIOR-DRIVEN-DEVELOPMENT.HTML
https://cucumber.io/
From GitHub: a ruggedization framework that embodies the principle "be mean to your code"
On GitHub at https://github.com/gauntlt/gauntlt/tree/master/examples
• GIT@GITHUB.COM:GAUNTLT/GAUNTLT-STARTER-KIT
• HTTPS://WWW.VIRTUALBOX.ORG/
• HTTPS://WWW.VAGRANTUP.COM/
http://samurai.inguardians.com/
• HTTPS://GITHUB.COM/GAUNTLT/GAUNTLT/ARCHIVE/MASTER.ZIP
• HTTPS://WWW.RUGGEDSOFTWARE.ORG/
• HTTPS://WWW.RUGGEDSOFTWARE.ORG/WP-CONTENT/UPLOADS/2013/11/RUGGED-HANDBOOK-V7.PDF
• HTTPS://WWW.RUGGEDSOFTWARE.ORG/WP-CONTENT/UPLOADS/2013/11/RUGGED-IMPLEMENTATION-GUIDE-V4.PDF
• HTTP://WWW.SLIDESHARE.NET/WICKETT/SECURITY-TESTING-WITH-GAUNTLT
• HTTPS://WWW.OWASP.ORG/INDEX.PHP/PHOENIX/TOOLS
• HTTPS://WWW.OWASP.ORG/IMAGES/5/52/OWASP_TESTING_GUIDE_V4.PDF
HTTPS://TWITTER.COM/SLANDAIL
HTTPS://WWW.LINKEDIN.COM/IN/SLANDAIL
HTTP://SLANDAIL.NET/

Running Your Apps Through the "Gauntlt"