Explore the world of malicious bots and phishing attacks in this 50-minute conference talk by Pedro Fortuna and Jasvir Nagra at OWASP Foundation. Gain insights into how bots exploit web applications and APIs, automating tasks like password brute-forcing, credit card theft, and content scraping. Learn about the challenges posed by scriptable headless browsers and the limitations of traditional detection methods. Discover the role of bots in phishing attacks and understand why two-factor authentication may not be sufficient protection. Examine innovative defense strategies that combine obfuscation and one-time tokens to increase the cost and difficulty for bot operators. Watch a live demonstration of these techniques and learn how to anticipate and counter bot evasion tactics, ensuring your web applications remain secure against evolving threats.
Syllabus
Bots have gone phishing, but all they get is the boot - Pedro Fortuna & Jasvir Nagra
Taught by
OWASP Foundation