Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Found ]
Xzibit Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Gareth Rushgrove
>> nosetests -v rkhunter-librato-test.py
rkhunter-libratoo-test.test_beastkit_not_installed ... ok
---------------------------------------------------------
Ran 1 test in 1.585s
OK
aureport or ausearch
and something
Slide 61
Security in development (Monitor development too)
Slide 62
Monitor security in your pipeline
Slide 63
Virus scan your artefacts
Slide 64
ClamAV + Jenkins
Slide 65
Slide 66
Get data to Graphite
Slide 67
Static analysis
Slide 68
Brakeman for Ruby on Rails
Slide 69
Slide 70
Slide 71
Vulnerabilities in dependencies
Slide 72
OWASP dependency check
Slide 73
Ruby security advisories
Slide 74
Bundler audit
Slide 75
> bundler-audit
Name: actionpack
Version: 3.2.10
Advisory: OSVDB-91452
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/91452
Title: XSS vulnerability in sanitize_css in Action Pack
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
Slide 76
Slide 77
it "should have no vulnerable gems" do
  @issues.should have(0).items
end
Slide 78
rspec audit-rspec.rb -f d
my application dependencies
  should have no vulnerable gems (FAILED - 1)
  should have a safe version of ruby on rails

Finished in 0.03949 seconds
2 examples, 1 failure
Slide 79
Aside: penetration testing tools (State of open source)
Starting Nmap 5.21 ( http://nmap.org ) at 2013-09-18 15:09 BST
Nmap scan report for monitorama.eu (141.101.116.49)
Host is up (0.17s latency).
Hostname monitorama.eu resolves to 2 IPs. Only scanned 141.101.116.49
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
8080/tcp open  http-proxy
Nmap done: 1 IP address (1 host up) scanned in 24.18 seconds
Slide 92
Slide 93
it "should have one port open" do
  @open_ports.should have(1).items
end
Slide 94
it "should have port 80 open" do
  # rspec's built-in collection matcher is `include`; `contain` is not defined
  @open_ports.should include(80)
end
Slide 95
Slide 96
1) the monitorama.eu website should have one port open
   Failure/Error: @open_ports.should have(1).items
     expected 1 items, got 12
   # ./nmap-rspec.rb:24:in `block (2 levels) in '

Finished in 2.47 seconds
2 examples, 1 failure
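The two assertions the slides wrap in rspec (slide 77's "no vulnerable gems" and slide 94's open-port checks) rely on first turning tool output into data. This added Ruby example, not code from the talk, parses bundler-audit and nmap text output and returns the failure messages a pipeline check would report; the embedded samples are constructed (the actionpack advisory is the one from the slide, the scanned host example.test / 192.0.2.10 is made up).

```ruby
# Constructed sample outputs, shaped like the bundler-audit and nmap runs on the slides.
BUNDLER_AUDIT_OUTPUT = <<~OUT
  Name: actionpack
  Version: 3.2.10
  Advisory: OSVDB-91452
  Criticality: Medium
  URL: http://www.osvdb.org/show/osvdb/91452
  Title: XSS vulnerability in sanitize_css in Action Pack
  Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13

  Vulnerabilities found!
OUT

NMAP_OUTPUT = <<~OUT
  Starting Nmap 5.21 ( http://nmap.org ) at 2013-09-18 15:09 BST
  Nmap scan report for example.test (192.0.2.10)
  Host is up (0.17s latency).
  Not shown: 998 filtered ports
  PORT     STATE SERVICE
  80/tcp   open  http
  8080/tcp open  http-proxy
  Nmap done: 1 IP address (1 host up) scanned in 24.18 seconds
OUT

# Each advisory is a blank-line separated block of "Key: value" lines;
# blocks without an Advisory key (the trailing summary line) are dropped.
def parse_bundler_audit(text)
  text.split(/\n\s*\n/)
      .map { |block| block.scan(/^(\w+): (.*)$/).to_h }
      .select { |adv| adv.key?("Advisory") }
end

# Port numbers nmap reports as open ("80/tcp   open  http").
def open_ports(text)
  text.scan(%r{^(\d+)/(?:tcp|udp)\s+open\b}).flatten.map(&:to_i)
end

# The two slide assertions as plain checks: no vulnerable gems, and exactly the
# expected ports open. Returns a list of failure messages (empty means pass).
def pipeline_checks(audit_text, nmap_text, expected_ports)
  failures = parse_bundler_audit(audit_text).map do |a|
    "vulnerable gem #{a['Name']} #{a['Version']} (#{a['Advisory']}, #{a['Criticality']})"
  end
  ports = open_ports(nmap_text)
  extra = ports - expected_ports
  missing = expected_ports - ports
  failures << "unexpected open ports: #{extra.join(', ')}" unless extra.empty?
  failures << "expected ports not open: #{missing.join(', ')}" unless missing.empty?
  failures
end

if __FILE__ == $0
  failures = pipeline_checks(BUNDLER_AUDIT_OUTPUT, NMAP_OUTPUT, [80])
  puts(failures.empty? ? "all checks passed" : failures)
end
```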
[+] 2 issues were detected.

[+] [1] Trusted -- Cross-Site Scripting (XSS)
[~] ~~~~~~~~~~~~~~~~~~~~
[~] ID Hash:
[~] Severity: High
[~] URL: http://victim/pictures/search.php
[~] Element: form
[~] Method: GET
[~] Tags: xss, regexp, injection, script
[~] Variable: query
[~] Description:
[~] Client-side code (like JavaScript) can be injected
    into the web application which is then returned to
    the user's browser. This can lead to a compromise
    of the client's system or serve as a pivoting
    point for other attacks.