Put your code through the Gauntlet

gauntlet, n. an attack from all sides

Your web app You

Your web app

w3af

fuzzers

nmap

nessus

sqlmapmetasploit

You

dirbustercustom attacks

Gauntlet is

an always-attacking environment for

developers

with attacks written in easy-to-read language

accessible to everyone involved in dev, ops,

security, ...

Gauntlet includes

Why Gauntlet?

Security domain knowledge is generally a mystery to dev teams

Gauntlet allows dev and ops and security to communicate and collaborate

Gauntlet joins:

The Philosophy of Rugged Software

&Principles of Behavior Driven Development

You are now commissioned as a

contributor to Gauntlet

Here is your badge

RUGGED

source: Jessica Allen, http://drbl.in/bgwy

github.com/wickett/gauntlet

Ideas to build

nmap to check ports

crawl site and search for passwords in text

(assume fuzzing)

badness with LOIC, slowloris, wget, curl

Include recon, scanning, fuzzing, injecting, load

multi-vector attacks:timing + load, fail

open, ...

these are just ideas, use your imagination

lets build some tests!

github.com/wickett/gauntlet