LASCON 2021

Software is incredibly hard to secure because it's a black box. We've spent decades struggling to verify properties of software by analyzing the source code, scanning, fuzzing, pentesting, etc... The goal of "security observability" is to expose exactly what's going on inside the box while it's running. In this talk, you'll learn how to use the free and open source Java Observability Toolkit (JOT) project to easily create your own powerful runtime instrumentation without coding. You can use JOT to analyze security defenses, identify complex vulnerabilities, create custom sandboxes, and enforce policy at runtime. Ultimately, security observability allows Dev, Sec, and Ops teams to work together in harmony, so you can focus on delivering value at high velocity.