Scraping new territory:
Defending privacy in the new world

OVERVIEW

Data scraping is a unique threat, as adversaries apply offensive security techniques to obtain private user data at scale. Detecting and preventing scraping threats also entails a unique set of technical challenges, as it involves a variety of adversary profiles with limited incident signals for defenders. In recent years – in addition to the technical battle online – the battle against scrapers has transformed into a legal battle in the courts, with notable precedents impacting the overall scraping landscape.

In this talk, you will learn about the scraping threat landscape, and the lessons learned through defending and preventing scraping threats in the world’s largest social networks, Facebook and Instagram. We will cover attack scenarios, unique threat requirements, adversary profiles, and share our best practices for reducing scraping risks by adjusting common practices, such as Static Analysis and Red Teaming. In addition, we will provide context on the latest legal precedent in the scraping field, and how it can shape defense practices and user behavior. We will end with a call for action for security professionals, and how you can and should be more involved when setting industry standards for users’ privacy.