Hanging out to dry

Netflix proudly displays its developers’ ‘Dirty Laundry’

Natali Vlatko

Netflix has created a platform to monitor its own programmers’ mistakes, using tools that are soon to be released as open source. The aim is to become proactive about data leakage and boost the security of assets via in-house technology.

Netflix’s latest security repo, dubbed the ‘Dirty Laundry’ Project, is designed to help monitor unintentional data leakage of sensitive assets by staff. The in-house development is soon to join an already growing arsenal of security tools that have been open-sourced by the video streaming site.

Proactive measures

Introducing the platform at the recent ShmooCon 2015 event, Netflix engineers Scott Behrens and Andy Hoernecke said it contributed to proactive security as a solution to the challenges of a modern infrastructure, namely operations that are primarily in the cloud.

With roughly over 1,000 developers working at Netflix, and no security gates when pushing to production, this platform has been designed to help ensure that developers aren’t “putting us at risk” by allowing applications to be exposed “with all the ports available”.

To spearhead their proactive security approach, Behrens demonstrated how Dirty Laundry plugged into other open source tools such as Monterey, Scumblr and Sketchy to provide contextual analysis on any given app. Monterey tracks assets and scans for vulnerabilities, Scumblr actions those findings, and Sketchy collects status codes and text scrapes and generates screenshots.

An additional tool mentioned by Behrens was Speedbump, referred to as “a WAF, proxy and firewall on steroids” because of its inclusion of application intelligence. This kind of app was necessary for the duo to build into the app layer so as to detect attacks and enforce security policies automatically:

“The app layer is the smartest place to roll this kind of functionality in because the app is going to have the most knowledge of what is going on. A lot of times, we think about the network layer, but really the app layer is where it’s all happening.”

Netflix has a record of sharing its wares with the open source community, with a number of tools available for monitoring security within the AWS cloud (Security Monkey: Python), deployments and general cloud management (Asgard: Groovy) and token and centralized configuration management for Cassandra (Priam: Java).

Netflix’s entire collection of open source tools is available over on GitHub. A video of the talk by Behrens and Hoernecke can be found here.

Natali Vlatko
An Australian who calls Berlin home, via a two-year love affair with Singapore. Natali was an Editorial Assistant for S&S Media Group.
