This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, January 24 • 2:30pm - 3:20pm
Uninvited Guests on the World's Wild Web: Understanding Malicious Web Bots with OWASP Handbook

Sign up or log in to save this to your schedule and see who's attending!

Day in and day out, web applications are subject to unwanted automated usage. These events often relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Example of these events include click fraud, comment spamming, content scraping, password cracking, and many more. 

Without common language and terminology between architects and developers architects, business owners and engineers, builders and defenders, and security vendors and buyers, misunderstandings do happen, and they can be costly. The OWASP project on Automated Threats to Web Applications has produced an ontology providing a common language to facilitate clear communication and help tackle the issues. The project identifies symptoms of these issues and discusses countermeasures against them. 

One product of the project is the OWASP Automated Threat Handbook, which has recently been updated. As with all OWASP materials, the book is free to download and use. This talk will help you navigate the swampland of malicious web automation using the handbook as guide, along with examples from the real world. It will also offer advice, and discussion, on countermeasure techniques usable by builders and defenders alike of web applications. 

This OWASP project is intended to be an information hub for web application owners, builders and defenders, providing practical resources to help them protect their web properties against unwanted automated processes. The project seeks input from the industry -- and the audience -- to continuously improve its impact on real-world unwanted web automation problems. 

avatar for Tin Zaw

Tin Zaw

Volunteer, OWASP
Tin Zaw currently co-leads the OWASP project on Automated Threats to Web Applications, along with Colin Watson. At his day day job, he leads a global practice to help Verizon customers secure web properties at Verizon Digital Media. | | He started his career programming network protocols at QUALCOMM, participated in early days of the web infrastructure at Inktomi, made security products for 100+ million users at Symantec, and led web and... Read More →

Tuesday January 24, 2017 2:30pm - 3:20pm
Marion Davies Guest House

Attendees (14)