We are gonna do one more OWASP meetup for the year – hopefully we will be in person soon. Things start at noon with news and notes, and then Jean Yang is going to discuss API security models.

Description: It is easier than ever before to build complex web applications. But developer tooling for understanding, testing, and maintaining these systems has not caught up. The result is that developers end up piecing the whole story together through reading code, logs, and documentation. And if it’s hard for developers to get visibility, it’s even harder for security. In this talk, I’ll talk about why it’s so hard to use existing tools like static analysis and network-level tools for understanding and root-causing data security issues, and how building dynamic behavioral models of services can help. I’ll talk about the API-level tooling we’re building at Akita and give a demo.

Bio: Jean Yang is the founder and CEO of Akita Software, an API tools company. She was previously an Assistant Professor in the Computer Science Department at Carnegie Mellon University, where her research focused on the intersection of programming systems and security.