Enabling Development to do Security Testing with Jeff Williams

Software is incredibly hard to secure because it's a black box. We've spent decades struggling to verify properties of software from the outside by analyzing the source code, scanning, fuzzing, pentesting, etc... What we need is "security observability," so we can see and test exactly what's going on inside the box while it's running. Testing security from the inside has dramatic speed, accuracy, coverage, and scalability advantages over scanners and other traditional testing approaches. In this talk, you'll learn how to use the free and open source Java Observability Toolkit (JOT) to instrument applications and create great security without writing any code. You can use JOT to analyze security defenses, identify complex vulnerabilities, create custom sandboxes, and even block attacks. Come add another powerful tool to your testing toolbox, and learn how to do security testing the easy way.

We will be hosting the Meetup over Zoom (event password is: dcast). A recording and materials from the presentation will be shared over our Slack channel