My journey through building an advanced bot detection product - David Senecal - AppSecUSA 2018
Bot activity represents a significant part of overall Internet traffic. In the past, bots concentrated on scraping content from ecommerce sites, but in more recent years bots are also being used to conduct fraudulent activity such as account checking, automated account creation, and gift card or loyalty point theft.
As a web security product architect, my focus over the last 5 years has been to design and develop a comprehensive product that can detect and classify bots to protect the largest ecommerce and finance web sites from the most sophisticated bots. Because taking over an account or stealing gift cards is lucrative, bot operators that focus on fraud are by far the most sophisticated, knowledgeable and motivated and, as such, the most challenging to defend against. In this talk, I will discuss my journey through the product development life cycle and provide some insight into:
- The different types of bots I've come across
- The detection techniques developed over time
- How bot operators typically react (war stories from the trenches)
- The difficult challenge of accuracy
Detecting fraud for an organization is crucial but can also be a significant engineering effort. However, combining home-grown detection methods, commercial bot detection products, and good web design practices can dramatically reduce or eliminate the attack surface and discourage the attacker.
Speaker
David Senecal
Product Architect, Akamai Technologies
15 years of network technology, web performance and web security support and consulting background from 50+ large-scale projects for Global 1000 companies as well as start-up companies. Proven ability to conceive, develop, deploy and operate complex systems and applications.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...