DevOps is all about speed. Remaining agile throughout the development, testing and deployment life-cycle is what delivers features to customers, and that’s what makes a product successful. Only recently has agility around security been evangelized within the DevOps culture, but security should never have been a speed bump to begin with. There are many ways to automate simple security tasks that give you an immense amount of coverage at little to no cost and without slowing down your product. One such task is effective perimeter and application testing.

Introduce Agility Into Your Testing

Testing from the same static sources every time leaves you blind to whatever those sources never exercise, and your visibility flatlines. With automation you can easily formulate methods that give your testing new perspectives, which raises the odds of catching an anomaly. To accomplish this goal we created RandomHack, which runs a suite of tests through a randomly selected attack tool from the comfort of a Docker container.


Wrapping everything in a Docker container let us bundle each attack tool’s dependencies into the image. That removed the maintainability headache of dependency conflicts on each executing host. Using Docker this way also creates test agility, letting us keep our test suites ephemeral: no more managing multiple versions of RVM, Python, Perl and so on on specific nodes, or waiting for them to download, compile and install. This saves both engineering and operational overhead.

Building Blocks with Docker

Swiftness is usually traded against size. To stay swift in our security testing we need to keep the Docker image small while still letting it land a toppling blow. You can find the code on GitHub.

Using Alpine Linux, whose base image is small and efficient enough to run in RAM at 5.258MB, we avoid the bloat of Ubuntu and other distribution base images, which weigh in at 200MB or more.

On execution, the entrypoint script randomly selects an attack tool from the attacks/ directory. This is a simple, modular way to organize, add and modify attacks. Instead of rebuilding every layer of the container when an attack’s source changes, you only rebuild the attacks/ layer (and any layer that follows it), provided the COPY of attacks/ is the last step in the Dockerfile.

To make this even more dynamic, the entrypoint expects arguments, which we pass in as the network CIDRs or hosts to be scanned. That means you don’t have to rebuild the container every time the ever-changing cloud changes again.
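Here is what that entrypoint logic looks like in practice, as an added example written for this post rather than RandomHack’s own script. It assumes the image copies the attack tools to /attacks as its last layer (overridable through an assumed ATTACK_DIR variable), that each tool is a single executable taking targets as positional arguments, and that the container is started as `docker run <image> 10.0.0.0/24 app.internal`. Since those arguments arrive from outside the container, it also checks that each one is a plain hostname, an IPv4 address or an IPv4 CIDR before handing them to whichever tool was drawn. The no-argument self-check with the stub-nmap and stub-wpscan stand-ins is an addition so the script can be exercised offline; it is not a feature of the original.

```shell
#!/bin/sh
# Added example entrypoint in the style described in the post; not RandomHack's
# own script. Assumes one executable per attack under $ATTACK_DIR and targets
# passed as positional arguments: docker run <image> 10.0.0.0/24 app.internal
set -eu

ATTACK_DIR="${ATTACK_DIR:-/attacks}"   # assumed location of the attacks/ layer

# Accept only a bare hostname/IPv4 address or an IPv4 CIDR. Anything else
# (shell metacharacters, spaces, a /33 prefix) is rejected before it can reach
# the attack tool's command line.
valid_target() {
    case "$1" in
        ''|*[!A-Za-z0-9./-]*) return 1 ;;
        */*) printf '%s\n' "$1" |
             grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/([0-9]|[12][0-9]|3[0-2])$' ;;
        *)   return 0 ;;
    esac
}

# One path per line for every executable, non-hidden regular file in $ATTACK_DIR.
# A README or data file dropped into the directory is skipped, never executed.
list_attacks() {
    for f in "$ATTACK_DIR"/*; do
        [ -f "$f" ] && [ -x "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Draw one attack uniformly at random. The index comes from the kernel RNG via
# od because $RANDOM is not guaranteed in the busybox ash that Alpine ships.
pick_attack() {
    count=$(list_attacks | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "no executable attacks found in $ATTACK_DIR" >&2
        return 1
    fi
    idx=$(( $(od -An -N2 -tu2 /dev/urandom) % count + 1 ))
    list_attacks | sed -n "${idx}p"
}

# Validate every target, pick a tool, log the choice (so the run is attributable
# later), then hand the targets over. A failing tool fails the run.
run_random_attack() {
    [ "$#" -gt 0 ] || { echo "usage: $0 <cidr-or-host>..." >&2; return 2; }
    for t in "$@"; do
        valid_target "$t" || { echo "rejected target: $t" >&2; return 2; }
    done
    attack=$(pick_attack) || return 1
    echo "[randomhack] $(date -u +%Y-%m-%dT%H:%M:%SZ) $(basename "$attack") -> $*" >&2
    "$attack" "$@"
}

# Offline self-check (an addition for this example): build a throw-away attacks
# directory holding two constructed stub tools plus a non-executable file, and
# run once against constructed targets. Each stub just echoes its name and args.
selfcheck() {
    tmp=$(mktemp -d)
    ATTACK_DIR="$tmp/attacks"
    mkdir "$ATTACK_DIR"
    for name in stub-nmap stub-wpscan; do
        printf '#!/bin/sh\necho "%s $*"\n' "$name" > "$ATTACK_DIR/$name"
        chmod +x "$ATTACK_DIR/$name"
    done
    echo 'not a tool' > "$ATTACK_DIR/README"
    run_random_attack 10.0.0.0/24 app.internal
    rm -rf "$tmp"
}

if [ "$#" -gt 0 ]; then
    run_random_attack "$@"
else
    echo "no targets given; running the offline self-check" >&2
    selfcheck
fi
```

Pointing the Dockerfile’s ENTRYPOINT at this script and putting `COPY attacks/ /attacks/` as the final instruction gives the layer behaviour described above: dropping a new executable into attacks/ and rebuilding only re-creates that last layer, and the new tool is immediately eligible for selection on the next run.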



Visibility At Last

Once you start testing, you can track your security posture improving over time. Your arsenal of attacks can include nmap scans for exercising your network defenses, wpscan for WordPress sites, and so on. By investing a small amount of time in automating security testing, you fill major visibility gaps across your company, which helps keep the product safe and secure.
