“For that warm and fluffy feeling”
Mittn is an evolving suite of security testing tools to be run in a Continuous Integration context. It uses Python and Behave.
The idea is that security people or developers can define a hardening target using a human-readable language, in this case, Gherkin.
The rationale is:
Mittn was originally inspired by Gauntlt (http://gauntlt.org/). You might also want to have a look at BDD-Security (http://www.continuumsecurity.net/bdd-intro.html), which is a pretty awesome system for automating security testing and offers similar functionality with OWASP Zaproxy.
Exact installation varies by the test tool you want to use. See the docs/ directory for detailed instructions.
NOTE: Backwards compatibility of false positive databases has been broken. The last version to be compatible with the original database schema is tagged “v0.1” on GitHub.
Currently, the tool implements:
If you’d like something else to be supported, please open an issue ticket against the GitHub project.
As you can see, all the heavy lifting is done by existing tools. Mittn just glues it together.
If you have questions about the usage, please open a ticket in the GitHub project with a “Question” tag.
If you have found a bug, please file a ticket in the GitHub project.
If necessary, you can also email firstname.lastname@example.org, but opening a ticket on GitHub is preferable.