This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 24 • 2:00pm - 2:45pm
Rugged Driven Development with Gauntlt

Sign up or log in to save this to your schedule and see who's attending!

"Be Mean to Your Code” is the core concept behind the ruggedization framework called Gauntlt (http://gauntlt.org) which brings the benefits of Behaviour Driven Development to the realms of automated security testing, application hardening and ruggedization. Security testing is often done at a cadence set by the audit team and is often obscured from the development and operations teams. This isn't good and this creates an adversarial relationship between security, dev and ops.

Gauntlt helps security, ops, and development teams work together. Gauntlt is meant to be used by security experts with interest in automation as well as developers with interest in security. It can be used to deliver the results of a security audit or penetration test via failing Gauntlt attacks (tests) which can in turn be added to automated test suites. Developers know they have resolved a particular vulnerability when Gauntlt no longer reports a failure. Gauntlt can also be used in regression tests to detect when a previously resolved vulnerability has been re-introduced.

Traditional approaches to web security can be less effective in cloud environments, due to the highly dynamic nature of cloud infrastructure. Fortunately, infrastructure-driven, continuous testing can overcome many of these challenges. Netflix uses Gauntlt to continuously validate that the security configuration of its cloud deployment and applications remains as expected, even with a rapid rate of change and high degree of self-service. 

One of the core contributors of the Gauntlt project, James Wickett will talk about the history of the project, the current features, examples of how to use Gauntlt and the future roadmap of Gauntlt. As part of this talk we will do a demo where we will walk the audience through getting started using pre-built Gauntlt attacks and then move to writing their own Gauntlt attacks. Come find out how to "Be Mean to Your Code" and ruggedize your next project.

Gauntlt is an open source ruggedization framework using cucumber and written in ruby. It has been developed in collaboration with the security engineering teams at Netflix and Twitter. Gauntlt is MIT Licensed and hosted on github at http://github.com/gauntlt/gauntlt.

avatar for James Wickett

James Wickett

Sr. Engineer, Signal Sciences Corp
James is an innovative thought leader in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapidly growth startups. As a Senior DevOps Engineer, James is currently... Read More →

Thursday October 24, 2013 2:00pm - 2:45pm
21CT Room Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757

Attendees (17)