Security Congress Abstract
Managing bot traffic is critical for your website, web apps and API security posture. Identifying and cataloging bot traffic enables select mitigation strategies that make sense for your use case. We will discuss techniques to determine if traffic is from a bot. Once the bots have been cataloged, the next step is to take appropriate action. Popular actions are deny, tarpit or redirect/serve alternate content. Choosing incorrectly may result in the attack morphing. The presentation includes stories from real experiences such as rate limiting's impact on SEO; IoT devices and the problems they present; credential stuffing; and more.