Thursday, October 13 • 2:15pm - 3:15pm
Cleaning Your Applications' Dirty Laundry with Scumblr

Like many cutting-edge companies, the environment at Netflix is constantly changing. New applications are deployed every day, code is pushed every hour, and systems are spun up and down at will to support changing demand patterns of online video streaming. This, combined with Netflix's 100% cloud model, presents significant challenges in understanding our assets, the risk they pose, and the vulnerabilities they expose.

To help address these issues, we developed and released an open-source tool called Scumblr in 2014. Scumblr was initially focused on the outside: finding interesting intelligence from the Internet and bringing it to our attention. Internally at Netflix, however, we've set our sights on new challenges and have found new and innovative ways to use the Scumblr platform to make an AppSec engineer's life a little bit easier. Through a series of small tweaks as well as larger architectural changes, Scumblr has become a versatile tool that allows us to track a wide range of information, including changes to endpoints on netflix.com, risk profiles for each application in our environment, and the status of vulnerabilities across thousands of applications. We've made changes to Scumblr to make it faster, more flexible, and more powerful, and we're ready to share these changes with the open source community.

Attendees of this talk will get an understanding of how we designed a tool that has been successful in tackling a broad range of security challenges. We'll share our latest uses for the tool, including details on how we're using Scumblr for vulnerability management, application risk tracking, and other uses. Finally, we'll discuss how you can replicate what we've done by sharing new plugins that integrate with Arachni, AppSpider, and GitHub, while also showing just how easy it is to create new integrations that open up new opportunities for automation, data collection, and analysis.

Speakers
Scott Behrens

Netflix
Scott Behrens is currently employed as a senior application security engineer for Netflix. Prior to Netflix, Scott worked as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. Scott's expertise lies in both building and breaking for application security at scale. An avid coder and researcher, he has contributed to and released a number of open source tools for both attack and defense. Scott has presented...
Andrew Hoernecke

Netflix
Andy Hoernecke is a Senior Application Security Engineer on the Product and Application Security Team at Netflix where he spends his time on security automation, identifying and driving systemic security improvements to the Netflix architecture, and developing open source security tools. Prior to working at Netflix, Andy built and ran the Application Security program for Sears Online Business Unit. He has also held positions as an Adjunct...


Thursday October 13, 2016 2:15pm - 3:15pm
Grand Central Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001
