Lead Image © bluebay, 123RF.com

Security as Code

Throw Down the Gauntlet

Article from ADMIN 47/2018
Gauntlt is a sophisticated DevOps tool that can test the security of your continuous integration/continuous delivery pipeline.

When you add features to your software frequently, each iteration needs to be checked meticulously to iron out wrinkles before they cause more headaches further upstream in production. It should go without saying that a critical part of that testing process relates to security, and initiating as many (useful) tests as possible to catch anomalies and potential security holes can only be of great benefit in both the long and the short term.

One of the most satisfying of these security tools is Gauntlt [1], whose well-constructed ReadMe file [2] provides the following description: "Gauntlt is a ruggedization framework that enables security testing that is usable by devs, ops, and security." The learning curve is not particularly steep, and once you have written your security requirements as code, you should find the results are easy to read and refactor when changes are necessary.

The Gauntlt website also offers welcome news that 2018 marks "re-launching development efforts and building a community of practice." Further information also encourages volunteering for the worthwhile cause of improving Gauntlt.

In this article, I will fire some shots at existing systems to provide some simple security testing examples, and later on, I will point you toward a number of vanilla examples.

Run the Gauntlt

The raison d'être of the powerful Gauntlt is to write security as code into your test suites (e.g., the ever-popular Travis CI [3] or GitLab CI [4]), and it integrates easily with tools you might normally use manually. These tools might be used for database hacking, penetration testing, open network port probing, or analysis of an SSL/TLS

...