AppSecUSA 2015 has ended
Thursday, September 24 • 10:30am - 11:25am
Building your own large scale web security scanning infrastructure in 40 minutes

There are a lot of web security scanners, and many do a decent job. Yet there are times, and genuine reasons, when you wish you had your own scanning infrastructure. Perhaps you have wished you could build your own in 40 minutes, have more control, and add your own custom requirements. Or maybe using an existing one was not an option from a cost, scale, speed or code reuse perspective.

In this talk we will demonstrate:
1. how to build a robust web security scanner that answers many questions you might have,
2. how to scale it up as an infrastructure,
3. how to integrate it into your own continuous delivery pipeline.

We will also discuss the difference in the nature of this project as compared to related works such as Mozilla Minion and Netflix Monterey.

Bishan Kochar

I am a security engineer at Yahoo, building automation wherever I can to make security transparent, proactive, effective and/or enabling. In the past I did pen testing, mostly web. Grew to actually trying to solve the problems. And that's what I keep doing today.

Albert Yu

Security Engineer, Sr Principal, Yahoo
I work in the Yahoo Paranoid team, spending most of my time exploring how engineers build things and when stuff breaks. My current focus is to develop solutions that assure application security is kept intact regardless of how fast we build and deliver.

Thursday September 24, 2015 10:30am - 11:25am PDT
Room B