© bluebay, 123RF.com

Throw Down the Gauntlet

Security As Code

Special Thanks: This article was made possible by support from  Linux Professional Institute

When you add features to your software frequently, each iteration needs to be checked meticulously to iron out wrinkles before they cause more headaches further upstream in production. It should go without saying that a critical part of that testing process relates to security, and initiating as many (useful) tests as possible to catch anomalies and potential security holes can only be of great benefit in both the long and the short term.

One of the most satisfying of these security tools is Gauntlt, whose well-constructed ReadMe file provides the following description: “Gauntlt is a ruggedization framework that enables security testing that is usable by devs, ops, and security.” The learning curve is not particularly steep, and once you have written your security requirements as code, you should find the results are easy to read and refactor when changes are necessary.

That Gauntlt website also offers welcome news that 2018 marks “re-launching development efforts and building a community of practice.” Further information also encourages volunteering for the worthwhile cause of improving Gauntlt.

In this article, I will be firing some shots at existing systems to provide some simple security testing examples, and I point you toward a number of vanilla examples later on.

Run The Gauntlt

The powerful Gauntlt’s raison d’etre is to write security as code into your test suites (e.g., the ever-popular Travis CI or

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia