Overview
Explore the world of malicious web bots and automated threats to web applications in this 35-minute LASCON conference talk. Delve into the OWASP Automated Threat Handbook to gain a comprehensive understanding of common automated attacks, including click fraud, comment spamming, content scraping, and password cracking. Learn how to navigate the challenges of unwanted web automation using real-world examples and practical countermeasures. Discover the importance of a common language and terminology in addressing these threats effectively across different roles in web application development and security. Gain insights into the OWASP project's efforts to create an information hub for web application stakeholders, and explore countermeasure techniques applicable throughout the software development lifecycle. Participate in the ongoing improvement of this crucial resource by contributing your own experiences and knowledge to combat evolving automated threats in the digital landscape.
Syllabus
Intro
Uninvited Guests on the World's Wild Web: Understanding Malicious Web Bots with OWASP Handbook
The Automated Threats Handbook
Introducing ... OATS
Account Takeover
Credit Card Abuse
E-Commerce Stats Skewed
Stress on Infrastructure
Denial of Service: Target resources of the application and database servers, or individual user
Goods in Wrong Hands
Countermeasures in SDLC Phases
Countermeasures Types
Countermeasure: Rate
Countermeasure: Fingerprinting
Taught by
LASCON