Gauntlt – Security Testing Framework For Developers & Ops

Use Netsparker


Gauntlt is a security testing framework that provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Gauntlt - Security Testing Framework For Developers & Ops

To use gauntlt, you will need one or more attack files. An attack file is a plain text file written with Gherkin syntax and named with the .attack extension. For more info on the Gherkin syntax, have a look at Cucumber. A gauntlt attack file is almost the same as a cucumber feature file. The main difference is that gauntlt aims to provide the user with predefined steps geared towards security and durability testing so that you do not have to write your own step definitions, whereas cucumber is aimed at developers and stakeholders building features from end to end. Gauntlt and cucumber can and do work together harmoniously.

Example attack file:

Features

  • Gauntlt attacks are written in a easy-to-read language
  • Easily hooks into your org’s testing tools and processes
  • Security tool adapters come with gauntlt
  • Uses unix standard error and standard out to pass status

Tools Supported

You will need to install each tool yourself before you can use it with gauntlt. However, if you try to use a tool that is not installed or that gauntlt cannot find, you will get a helpful error message from gauntlt with information on how to install and/or configure the tool for use with gauntlt.

The authors also include a generic attack adapter that allows you to run anything on the command line, parse its output and check its exit status.

You can download Gauntlt here (using the starter kit):

Pre-requisites

  • Virtual Box
  • Vagrant

Or read more here.

Posted in: Security Software

,


Latest Posts:


Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.


6 Responses to Gauntlt – Security Testing Framework For Developers & Ops

  1. Eric July 25, 2014 at 11:14 pm #

    Garmr can be found here: https://github.com/mozilla/Garmr

    • Darknet July 26, 2014 at 1:39 am #

      Thanks Eric.

  2. Paul July 26, 2014 at 3:34 am #

    Cucumber is not good tool, and especially for developers, just waste of time :) I think guy, who start this tool, is not Ruby developer :(

    • Darknet July 26, 2014 at 4:58 pm #

      Depends if you’re following BDD or not I guess? Any better BDD tools you suggest?

      • Paul July 26, 2014 at 7:39 pm #

        It’s not connected with TDD or BDD :) because this is tool without coding of app logic :) (T/B)DD is style for development app with tests, and tests should be first ;)

        Developer can describe business rules without duplication code in plain readable ruby code by using Test Unit or RSpec (TDD or BDD if they understand what is it). Cucumber maybe good when clients or qa (who do not understand Ruby syntax, but they should learn Gherkin syntax, and waste their time on copy pasting steps instead of good communication) prepare user stories, but I have not seen any clients who will create such scenarios (I’m Ruby developer – freelancer with Cucumber experience).

        You may review a lot of posts about those problem, and review OSS projects. Cucumber has been used only in several projects from the thousands on GitHub.

        • Darknet July 26, 2014 at 9:49 pm #

          Ah ok, understood – thanks for sharing your experience Paul :)