Protect Your Code Against Attacks With Gauntlt

Intermediate

9 students completed the lab in ~45m

Total available time: 1h:15m

Be the first to rate this lab!

Lab Overview

Gauntlt is a security testing framework that uses a command-line interface (CLI) for running security tests, or attacks. Gauntlt provides a report of tests that passed and failed similar to other automated testing frameworks. Gauntlt integrates with many popular security tools and is easily extendable to perform custom security tests. In this Lab, you will learn how to use Gauntlt for security testing and protect application code against attacks with Guantlt by embedding it into an AWS CodePipeline continuous integration pipeline. After completing the Lab you can begin implementing security as code within your own DevOps practices.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Understand the basic concepts of security testing with Gauntlt
  • Write and execute security tests with Gauntlt
  • Integrate Gauntlt security tests into a continuous integration pipeline
  • Use AWS Cloud9 for writing code and issuing commands from a browser

Lab Prerequisites

You should be familiar with:

  • Basic Docker concepts
  • Basic continuous integration concepts
  • Working at the command line in Linux

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Follow these steps to learn by building helpful cloud resources

Logging in to the Amazon Web Services Console

Your first step to start the Lab experience

Opening the AWS Cloud9 IDE

Open the AWS Cloud9 browser-based Integrated Development Environment (IDE)

Executing Your First Gauntlt Attack

Install Gauntlt using the RubyGems package manager

Working With Gauntlt Attack Adapters

Learn about and use Gauntlt attack adapters to simplify security testing

Using Gauntlt to Test a Local Application

Run an application locally with Docker and security test it with Gauntlt

Including Gauntlt Security Testing in a Continuous Integration Pipeline

Add a Gauntlt security acceptance test to a continuout integration pipeline in AWS CodePipeline