File:Bot or Not - Mitigating Automated Threats to Web Applications - Bastian Braun.pdf

'''Vortrag: Bot or Not? - Mitigating Automated Threats to Web Applications (Bastian Braun)''' One of the prevalent threats for web applications are automated attacks. These range from the well-known scenario where an attacker tries to brute force password-protected login forms to sophisticated bots that try to silently but automatically harvest potentially sensitive information. Various technologies try to mitigate the threat posed by automated attacks. Some applications employ CAPTCHAs, others try to block requests from the attacker’s IP address. However, these anti-automation techniques usually suffer from side effects - many just impairing the user experience while some even tend to lock out a number of users mistakenly. This talk provides an overview of available anti-automation concepts and discusses advantages and shortcomings of each approach. Based on these characteristics, it gives recommendations about suitable areas of application for each concept and takes a long view on the applicability of today's best practices. Bastian wird den Vortrag in deutscher Sprache halten.