Henry Dalziel | General Hacking Posts, Hacker Hotshots, Information Security Conferences | July 29, 2013
If testing and firming up your code is important to you (which we hope it is!) then this Hacker Hotshot event is for you, titled “Gauntlt: Rugged by Example” with core developer James Wickett.
About James Wickett
We are delighted to welcome James Wickett on our Hacker Hotshots web show, not least because he is clearly a highly qualified and experienced information security professional, but also because he is the core developer of Gauntlt (here’s the link to the framework and gem installation).
James, like all our invited speakers on Hacker Hotshots, is a well known personality within the Information Security community, and is particularly well known within the DevOps space. His experience is extensive and varied, and he is currently working as a Senior DevOps Engineer at Mentor Graphics. Mentor Graphics is a US-based multinational corporation dealing in electronic design automation (EDA) for electrical engineering and electronics.
James is also the founder of the Lonestar Application Security Conference which is the largest annual security conference in Austin, Texas. He volunteers as one of the chapter leaders for the OWASP Austin chapter and he holds a variety of IT security certifications such as CISSP, GWAPT, GCFW, GSEC and CCSK. (Side note: on the subject of OWASP, you should also be aware of another amazing event we have lined up Wednesday August 14th titled: “The State of OWASP” with Michael Coates).
Gauntlt is an open source framework that is designed to help programmers with security testing of their code. At OWASP AppSec USA 2012, James, along with co-developers Jeremiah Shirk and Mani Tadayon, described Gauntlt (which by the way is pronounced Gaunt-let) as a framework which can be used by security experts with an interest in automation as well as developers with an interest in security. Perhaps the best way to describe Gauntlt (we stand corrected on August 7th when James confirms his definition!) is by its strapline, i.e. “Be Mean To Your Code.”
Having James on the show really complements two recent Hacker Hotshot shows we had. The first, last Wednesday, was “Secure Code Reviews Magic or Art?” with Sherif Koussa. Sherif was excellent and we really enjoyed having him on the show. Sherif outlined how security code reviews are one of the best ways to uncover security flaws in source code, and he also highlighted the essential steps, skills and tools required to kick off security code reviews at your organization. If you watched Sherif, then you must watch and learn from James as he discusses Gauntlt, because there will be a significant amount of similarity.
The second show which has a direct comparison to James’s upcoming Gauntlt talk was Dan Cornell’s show on July 16th 2013: “The Magic of Symbiotic Security Creating an Ecosystem of Security Systems ThreadFix.” Dan is a very well known InfoSec professional, in fact he is speaking at BlackHat 2013, and he is the owner of the Denim Group, an organization which develops secure software. One of their best known applications, the ThreadFix Open Source Software Vulnerability Management Tool, is designed to find vulnerabilities and give security professionals the ability to understand the security of their applications and efficiently conduct remediation. Again, this is similar to and in the same ballpark as Gauntlt.
Each of the above solutions offers a different approach, so it will be interesting to hear James discuss how Gauntlt works and the benefits the framework brings to an organization.
If you are a developer or a programmer and securing web applications is your thing (which, if you are a programmer, it should be!) then get yourself signed up to this event! Remember to ask questions and grab the gem install code before the web show so that you can familiarize yourself with it.