Beep boop bop! What is that sound? It's the sound of the bots that are currently trying to break into your accounts, collect information about you or simply slow down your interaction with the favorite social network! Of course, they are not as smart as a regular user, but on other hand, they are blazingly fast, incredibly powerful, and almost unstoppable in their missions. What is more important is that they are even trying to replicate our behavior! While we have mouses, keyboards, touchpads, and mobile screens, they have neither fingers nor even arms, but they are still able to do a lot of harmful stuff by simulating our regular actions but a hundred times faster.
But can we stop these bad automated guys? Of course, we can, and this workshop project is all about it! During the workshop we will develop our own bot mitigation system that will be able to protect web applications from different kinds of bots, such as crawlers, scrapers, headless browsers, web vulnerability scanners, and many others. Moreover (what is more important), we will learn how to detect such bots and their behavior patterns to predict, prevent, learn and block such actions in the future.
During this workshop, we will write various types of bots to understand how many regular actions we can automate and speed up, and also to test our mitigation system in the real environment. And of course, we will explore modern ways of bot mitigations through the lens of science and big companies that are working in this field.
PhD, associate professor at the department of computer security. Tomsk State University; senior research engineering manager, Wallarm
Research engineer, Wallarm; post-graduate student, Tomsk State University
Participants' expertise requirements:
1. Good level of English (reading and speaking)
2. Basic programming skills in one of the popular programming languages (C, C#, C++, Java, Python)
3. Basic knowledge in web application security
You must necessarily possess:
1. Basic data structures (queue, list, hash map)
2. Docker and docker-compose
3. Git (Github, Gitlab) version control system
4. Web application technologies (e.g, proxy, REST API, GraphQL, message brokers, databases)
5. Automation tools and frameworks (e.g., Selenium)
It would be good (but not required) if you are familiar with:
If you do not like programming or not interested in computer security, you will probably not like this workshop project.