From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Gauntlt in practice

Gauntlt in practice

From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline

Start my 1-month free trial

Gauntlt in practice

- [Instructor] DAST tools are great. But they can be slow and clunky for fitting into CICD pipeline. I'd like to introduce an open source tool that I helped create to address the shortcomings of DAST tools. The tool I'm talking about is Gauntlt. I've got a whole course on this in the library called DevSecOps: Automated Security Testing. This video will just be a quick look at the tool, but if you want a full hands-on experience, be sure to check out that other course. Okay, let's head over to the projects home over at gauntlt.org. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, development and operations teams so that they can collaborate to build rugged software. Gauntlt works by wrapping attack tools and checking their output using the plain text files that end in the .attack extension. Let's use Gauntlt to run the popular DAST tool, Arachni, to do a quick scan for cross site scripting. I'm going over to the command line now. First…

Contents