Gauntlet Kickoff at Austin OWASP Hackathon
Put your code through the Gauntlet
gauntlet, n. an attack from all sides
[Diagram: your web app in the middle, attacked from all sides by w3af, fuzzers, nmap, nessus, sqlmap, metasploit, dirbuster, custom attacks, and you]
Gauntlet is
an always-attacking environment for developers,
with attacks written in an easy-to-read language
accessible to everyone involved in dev, ops, security, ...
Gauntlet includes
Why Gauntlet?
Security domain knowledge is generally a mystery to dev teams
Gauntlet gives dev, ops, and security a shared language to communicate and collaborate
Gauntlet joins:
the philosophy of Rugged Software
& the principles of Behavior Driven Development
You are now commissioned as a
contributor to Gauntlet
Here is your badge
github.com/wickett/gauntlet
Ideas to build
nmap to check ports
crawl site and search for passwords in text
(assume fuzzing)
badness with LOIC, slowloris, wget, curl
Include recon, scanning, fuzzing, injecting, load
multi-vector attacks: timing + load, fail open, ...
these are just ideas, use your imagination
let's build some tests!
github.com/wickett/gauntlet