Mittn

"For that warm and fluffy feeling"

Background

Mittn is an evolving suite of security testing tools to be run in a Continuous Integration context. It uses Python and Behave.

The idea is that security people or developers can define a hardening target using a human-readable language, in this case, Gherkin.

The rationale is:

  • Once the initial set of tests is running in test automation, new security test cases can be added based on existing ones without having to understand exactly how the tools are set up and run.
  • Existing functional tests can be reused to drive security tests.
  • Test tools are run automatically in Continuous Integration, catching regression and low-hanging fruit, and helping to concentrate exploratory security testing into areas where it has a better bang-for-buck ratio.

Mittn was originally inspired by Gauntlt (http://gauntlt.org/). You might also want to have a look at BDD-Security (http://www.continuumsecurity.net/bdd-intro.html) that is a pretty awesome system for automating security testing, and offers similar functionality with OWASP Zaproxy.

Installation

Exact installation varies by the test tool you want to use. See the docs/ directory for detailed instructions.

NOTE: Backwards compatibility of false positive databases has been broken. The last version to be compatible with the original database schema is tagged "v0.1" on GitHub.

Features

Currently, the tool implements:

If you'd like something else to be supported, please open an issue ticket against the GitHub project.

As you can see, all the heavy lifting is done by existing tools. Mittn just glues them together.

Contact information

If you have questions about the usage, please open a ticket in the GitHub project with a "Question" tag.

If you have found a bug, please file a ticket in the GitHub project.

If necessary, you can also email opensource@f-secure.com, but opening a ticket on GitHub is preferable.
