From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Gauntlt in practice
- [Instructor] DAST tools are great. But they can be slow and clunky for fitting into a CI/CD pipeline. I'd like to introduce an open source tool that I helped create to address the shortcomings of DAST tools. The tool I'm talking about is Gauntlt. I've got a whole course on this in the library called DevSecOps: Automated Security Testing. This video will just be a quick look at the tool, but if you want a full hands-on experience, be sure to check out that other course. Okay, let's head over to the project's home over at gauntlt.org. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, development and operations teams so that they can collaborate to build rugged software. Gauntlt works by wrapping attack tools and checking their output using plain text files that end in the .attack extension. Let's use Gauntlt to run the popular DAST tool, Arachni, to do a quick scan for cross-site scripting. I'm going over to the command line now. First…