
Orchestrating Security Testing With Golismero


Presentation Transcript


  1. Orchestrating Security Testing With Golismero Mike Landeck

  2. Speaker Bio Mike Landeck Mike Landeck led the security implementation and then operationalized the country’s largest Medicaid Management Information System as the Director of Information Security for Xerox’ State Healthcare, and then managed the security program implementation of Colorado’s Health Insurance Exchange as a consulting manager for CGI. Mike currently consults at one of the world’s largest technology companies on improving security in the software development lifecycle as a Product Security Strategy Consultant. Mike is a frequent conference speaker and workshop presenter, appearing at conferences throughout the United States and focusing on software security testing and security program management.

  3. Disclaimer I do not speak on behalf of my employer. The information and perspectives I present are personal and do not represent those of my employer.

  4. Golismero

  5. Agenda
  • Very brief business context
  • Golismero for senior users
  • Golismero for complete and total rookies

  6. Business Context
  Top three reasons I hear organizations cite for not using more automated assessment tools:
  • Don’t know how to use them
  • Don’t know which tools to use
  • Too much time to vet results

  7. Business Context
  Typical automated security assessments:
  • Web vulnerability
  • Host vulnerability
  • Network vulnerability
  • Application vulnerability

  8. Business Context

  9. Golismero Demo
  Simple demo, default settings:
      golismero scan <host>
  The command breaks down as: golismero (action), scan (test), <host> (target).

  10. Golismero Config File
  File location: /usr/share/golismero/golismero.conf
      [openvas]
      host = localhost
      # [testing/scan/openvas]
      user = admin
      password = <your password>

      # [shodan:Configuration]
      apikey = <your shodan key>

  11. Golismero Demo
  Golismero advanced:
      golismero scan <host> -db <name for scan> -o <user defined name of output file> --cookie <name=value> --user-agent <user defined value> -pu <user name> -pp <password>

  12. Golismero Reporting
  Report formats:
  • Determined by the extension of the output file
  • E.g.: .html, .txt and .rst
  Reporting on previous scans:
      golismero report <fileName.ext> -db <scanName.db>
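The config fragment on slide 10 and the scan/report command lines on slides 9, 11 and 12 are the whole procedure, so here they are tied together in one script. This is an added example, not code from the slides or from the GoLismero project: the section names follow slide 10 as shown, the function names, the OPENVAS_PASSWORD environment variable and the RUN switch are this example's own assumptions, and the script only assembles the command lines (it executes golismero only when RUN=1 and golismero is on PATH). Passing a password or session cookie on the command line, as slide 11 does, leaves it visible in ps output and shell history, so the example keeps the credential in the config file and reads it from the environment when writing that file.

```shell
#!/bin/sh
# Added example (not from the slides or the GoLismero project).
# Builds the golismero.conf fragment from slide 10 and the scan/report
# command lines from slides 9, 11 and 12 so they can be reviewed first.

# Slide 12: the report format is chosen by the output file's extension.
report_ext_ok() {
    case "${1##*.}" in
        html|txt|rst) return 0 ;;
        *) return 1 ;;
    esac
}

# write_conf PATH OPENVAS_HOST OPENVAS_USER SHODAN_KEY
# Section and key names follow slide 10 (assumed, not verified against
# the GoLismero source). The OpenVAS password comes from $OPENVAS_PASSWORD
# (an assumption of this example), so it never appears in 'ps' output.
# The file holds credentials, so it is created mode 0600 via umask in a
# subshell (the umask change must not leak into the caller's shell).
write_conf() {
    path=$1; ovhost=$2; ovuser=$3; shodan=$4
    [ -n "$OPENVAS_PASSWORD" ] || { echo "OPENVAS_PASSWORD not set" >&2; return 1; }
    (
        umask 077
        cat > "$path" <<EOF
[openvas]
host = $ovhost
user = $ovuser
password = $OPENVAS_PASSWORD

[shodan:Configuration]
apikey = $shodan
EOF
    )
}

# build_scan_cmd TARGET DBNAME OUTFILE [COOKIE] [USER_AGENT]
# Prints the slide-11 command line (arguments assumed free of single quotes).
build_scan_cmd() {
    target=$1; db=$2; out=$3; cookie=$4; ua=$5
    report_ext_ok "$out" || { echo "unsupported report extension: $out" >&2; return 1; }
    cmd="golismero scan '$target' -db '$db' -o '$out'"
    [ -n "$cookie" ] && cmd="$cmd --cookie '$cookie'"
    [ -n "$ua" ] && cmd="$cmd --user-agent '$ua'"
    printf '%s\n' "$cmd"
}

# build_report_cmd OUTFILE DBNAME
# Prints the slide-12 command line that re-reports an earlier scan.
build_report_cmd() {
    out=$1; db=$2
    report_ext_ok "$out" || { echo "unsupported report extension: $out" >&2; return 1; }
    printf "golismero report '%s' -db '%s'\n" "$out" "$db"
}

# Usage: RUN=1 ./scan.sh <host> <dbname> <report.html> [cookie] [user-agent]
# Without RUN=1 the script only defines the functions above.
if [ "${RUN:-0}" = 1 ]; then
    eval "$(build_scan_cmd "$1" "$2" "$3" "$4" "$5")" &&
    eval "$(build_report_cmd "$3" "$2")"
fi
```

The scan and the follow-up report share the same -db name, which is what lets a report be regenerated later in a different format (change only the extension) without rescanning the target.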

  13. Golismero for Complete Rookies
  Step 1: Download VMWare Player
  Step 2: Download the pre-configured Kali image
  Step 3: Open the image
  Step 4: Click the button to start the wizard
  Links and help for all of this at: http://SoftwareSecurityAssurance.com/AppSecUSA2014

  14. Setting up a Test System Demo: Go from zero experience to running golismero!

  15. Installing Kali There is not enough time in a one-hour workshop to walk through the installation process; however, there are literally hundreds of Kali installation demos on YouTube. • This one is comprehensive (and narrated!): https://www.youtube.com/watch?v=k5mNnkG0FVk

  16. Questions

  17. Useful Links

  18. End –h now
