Cleaning Your Applications' Dirty Laundry with Scumblr

OWASP Foundation via YouTube

Overview

Explore how Netflix tackles application security challenges in this AppSecUSA 2016 conference talk. Learn about Scumblr, an open-source tool developed by Netflix to address asset management, risk assessment, and vulnerability detection in their dynamic cloud environment. Discover how Scumblr has evolved from its initial focus on external intelligence gathering to become a versatile platform for tracking endpoints, application risk profiles, and vulnerabilities across thousands of applications. Gain insights into the tool's architectural changes, new plugins, and integrations with Arachni, AppSpider, and GitHub. Understand how to replicate Netflix's approach to automation, data collection, and analysis in your own security practices. Presented by Scott Behrens and Andrew Hoernecke, senior application security engineers at Netflix, this talk covers Scumblr's latest uses, including vulnerability management and application risk tracking, and demonstrates how to create custom integrations for enhanced security automation.

Syllabus

Intro
Audience Poll
Agenda
Netflix Application Security
Netflix Security Challenges
Proactive Security
Matured Program
Terminology
Demo
Metadata
Configurable columns
New task types
Task groups
Events
Open Source
Demos
Bulk Add Results
Identify Secret in HTML Response
Scumblr Event Log
GitHub Easter Egg
GitHub Search
Chaining
Results
Using Events
Creating vulnerabilities manually
Metadata search
Why does this approach work
We are hiring

Taught by

OWASP Foundation
