rise of the botsstatic.carahsoft.com/concrete/files/9615/2328/9842/300_level_credential...bots bots...
TRANSCRIPT
RISE of the BOTS
Peter Scheffler, Cyber Security Solutions [email protected] / @pmscheffler
OK, but how do these happen?
Who really “attacks”
me?
• Roughly 50% of traffic is
human
• About 20% is good bots
• Remaining 30% is
malicious bots
How do we differentiate?
•
••
•
•
••
•
•
•
•
••
•
•
••
•
Exploiting POST for Fun & DoS
••
•
•
•
Attackers work to identify weaknesses in application infrastructure
••
•
••
•
•
••
•
Only 26% of Scalar Survey
Respondents said their users
are trained…
•
•
* Threat Matrix Cyber Crimes 2017 Report
•
•
•
•
•
Web Application
•
•
•
•
•
•
•
1st time request to web server
Internet
Web Application
Legitimate browser
verification
No challenge response from
botsBOTS ARE DROPPED
WAF responds with injected JS challenge. Request is not passed to server
1
JS challenge placed in browser
2
WAF verifies response authenticity
Cookie is signed, time stamped and finger printed
4
Valid requests are passed to the
server
5
Browser responds to challenge &
resends request
3
Continuous invalid bot attempts are
blocked
Valid browser requests bypass challenge w/
future requests
http://bit.ly/ASMLabManual
https://training.f5agility.com/7280/<#