Malya Jain
Scraping has evolved from a nuisance into a sophisticated, economically motivated threat to user privacy and platform integrity. Most organizations rely on reactive rate-limiting and passive monitoring defenses routinely bypassed by well-resourced attackers. This talk presents a different approach: proactively attacking your own platform through a dedicated Scraping Red Team program. We introduce adversary economics as the primary defensive metric such as, the attacker's cost-per-record. When that number is low, your defenses are failing regardless of what your dashboards say. Drawing on real operational experience, we walk through engagement design, privacy-aware data handling, structured vulnerability reporting, and validated remediation.
Malya Jain is a Senior Security Engineer at Meta, where she leads the Vector Discovery team within the Anti-Scraping organization, protecting billions of users. She manages three red teams conducting continuous offensive scraping operations and has built programs spanning static analysis, scraping threat intelligence, and bug bounty integration for scraping vectors. Malya authored "Best Practices for Unauthorized Scraping Red Teaming Exercises," published through the Mitigating Unauthorized Scraping Alliance (MUSA). She has presented at the Underground Economy Conference (France), Ekoparty (LATAM), and RISE USA. Malya is an IEEE Senior Member, WiCyS National Mentor, and holds three GIAC certifications and a Stanford Advanced Cybersecurity Certificate.
