Abstract
Security Testing, or for that matter any sort of testing, is still being done in ways that are not really scalable and extensible. Testers like to write their own tools/scripts and run them locally on their system. There are many problems that plague this kind of approach for testing.
We will be discussing some of these problems and releasing a new tool - KubeBot - that was primarily built for automating and scaling bug bounties i.e. something that would run multiple tools on a schedule against multiple targets and only returns back the output from these tools if the output changes.
However, over time, it has proven out to be a more generic framework that can be leveraged as a harness to run any security testing tool and is easily scaleable (because of Kubernetes in the backend). It is extensible and provides a nice front end in the form of a Slackbot so that you can look at the results on a real-time basis.