Security Monitoring (With Open Source Penetration Testing Tools)

How often do you have a full penetration test done on your
application? How often do you deploy changes? This talk is for
everyone who worries about the difference between the answers to those
two questions.

Penetration testing and other forms of security testing are often a
mystery to developers and operations people alike, a specialist skill
available only on the largest projects. With lots of good open source
penetration testing tools available it doesn’t have to be that way,
especially if we can turn some of those tools into things we run
constantly from our monitoring system.

This talk will:

• Identify security relevant metrics from a few tools available in a
  typical web stack
• Suggest a few more useful system tools which provide both protection
  and metrics
• Highlight a number of open source penetration testing tools, and
  show a few of them in use
• Find out which of those tools lend themselves to automation
• Bring it all together in a modern monitoring system

After the talk the audience will hopefully be:

• Scared of putting things on the internet
• Wanting to install a few simple tools that provide some protection
• Aware of a number of penetration testing tools they can use with
  their monitoring systems