Good Bot, Bad Bot: Characterizing Automated Browsing Activity

Explore the world of automated web browsing in this insightful conference talk by Nick Nikiforakis. Delve into the findings of Aristeus, a system designed to deploy honeysites for attracting and recording bot traffic. Learn about the seven-month experiment involving 100 dedicated honeysites that captured 26.4 million requests from over 287K unique IP addresses. Discover the prevalence of malicious bots and their tactics, including credential brute-forcing, web application fingerprinting, and vulnerability exploitation. Gain valuable insights into bot behavior, including the discrepancies between their claimed identities and actual implementations. Understand the implications of these findings for web security and the importance of distinguishing between good and bad bots in the ever-expanding digital landscape.

OWASP Standard Classification: Good Bot, Bad Bot: Characterizing Automated Brows... - N. Nikiforakis