OWASP Global AppSec US 2021 has ended
Back To Schedule
Thursday, November 11 • 1:00pm - 2:00pm
How to Thwart Malicious Automation and Kick Bot Butt for $0

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Credential stuffing, payment attacks, and other types of automated fraud aren't going away any time soon. How do you go from 0 to 100 in protecting your attack surface from bots and malicious automation? Vendors line up to promise in-house product security and operations teams their cure-all for this problem. In this talk, we'll take a holistic and vendor-agnostic approach to defending against bot attacks. We profile the threat together before going over tools for your stack -- including all open-source solutions! You can not only survive but thrive on $0 of vendor spend. Defensive maneuvers, architectural patterns, and product security recommendations will be covered. There are manual, reactive things you can do with your existing tools right now to thwart attackers. We'll build towards long-term and proactive controls. How to get management or developer buy-in will be explored in case that's a blocker today. At the end of this session, you will be a formidable bot hunter that humankind can be proud of -- plus a really informed product security person too!

avatar for Randy Gingeleski

Randy Gingeleski

Randy Gingeleski is an application hacker, currently doing product security for Block.one's cryptocurrency exchange Bullish. Before this, he built out HBO Max's security program after some years of consulting and pen testing.

Thursday November 11, 2021 1:00pm - 2:00pm PST

Attendees (8)