A start-to-finish presentation of how to defend against bot attacks on the web, for security newbies and veterans alike.

In The Reign of Botnets: Defending Against Abuses, Bots and Fraud on the Internet, veteran bot and fraud detection expert David Senecal delivers an up-to-date and comprehensive discussion of the bot threat landscape and of the cutting-edge defense strategies the world's leading companies use against it. The author uses plain language to lift the veil on bots and fraud, making the topics easy to understand for web security professionals and website owners.

In the book, you'll find powerful insights into the evolution of bot attacks and defense strategies, the motivations of the attackers, how detection methods work, and how to analyze your site's traffic so you can best respond to patterns and incidents that pose a threat to your business. You'll also discover how to strike a balance between the ever-present needs for user privacy and security.

Perfect for web security professionals and website administrators, The Reign of Botnets is ideal for anyone who wants to learn more about security on the web. It's a can't-miss resource for total novices and experienced security practitioners alike.

Note: This item can only be shipped to a German delivery address.
David Sénécal is a Principal Product Architect at Akamai Technologies, leading a team of researchers, developers, and data scientists to build the next generation of fraud and abuse products. He has over twenty years of experience in network and web security and has dedicated the last 14 years to building bot management products. He's a regular blogger and speaker at events like the OWASP Global Appsec conference. He was integrally involved in the development and maturation of the bot management concept in the cybersecurity industry.
Table of Contents
Introduction xvii

Chapter 1 A Short History of the Internet 1
    From ARPANET to the Metaverse 2
    The Different Layers of the Web 7
    The Emergence of New Types of Abuses 9
    The Proliferation of Botnets 11
    Quantifying the Bot Traffic Volume on the Internet 14
    Botnets Are Unpredictable 16
    Bot Activity and Law Enforcement 18
    Summary 19

Chapter 2 The Most Common Attacks Using Botnets 21
    Account Takeover 22
    Data Harvesting 23
    Credential Harvesting 26
    Account Takeover 31
    Targeted ATO Attacks 34
    A Credential Stuffing Attack Example 35
    Account Opening Abuse 38
    The Tree Hiding the Forest 39
    Fraud Ring 41
    Web Scraping 48
    The Intent Behind Scraping by Industry 49
    Good Bot Scraping 51
    Inventory Hoarding 53
    Business Intelligence 55
    Scalping: Hype Events 58
    Online Sales Events Mania and Scalping 58
    The Retailer Botnet Market 59
    Anatomy of a Hype Event 61
    Carding Attacks 64
    Gift Cards 65
    Credit Card Stuffing 66
    Spam and Abusive Language 66
    Summary 67

Chapter 3 The Evolution of Botnet Attacks 69
    Incentive vs. Botnet Sophistication 70
    HTTP Headers 101 71
    Common HTTP Headers 71
    Legitimate Browser Signatures 74
    Header Signatures from Bot Requests 75
    The Six Stages of a Botnet Evolution 77
    Stage 1: Deploy the Botnet on a Handful of Nodes Running a Simple Script 77
    Stage 2: Scale the Botnet and Impersonate the Browsers' Header Signatures 79
    Stage 3: Reverse Engineer JavaScript and Replay Fingerprints 80
    Stage 4: Force the Web Security Product to Fail Open 81
    Stage 5: Upgrade the Botnet to a Headless Browser 82
    Stage 6: Resort to Human/Manual Attack 84
    Botnets with CAPTCHA-Solving Capabilities 85
    Human-Assisted CAPTCHA Solver 85
    Computer Vision 88
    The CAPTCHA Solver Workflow 88
    AI Botnets 89
    The Botnet Market 91
    Summary 93

Chapter 4 Detection Strategy 95
    Data Collection Strategy 96
    Positive vs. Negative Security 98
    The Evolution of the Internet Ecosystem 99
    The Evolution of Detection Methods 100
    Interactive Detection 100
    Transparent Detection 103
    The State of the Art 106
    Transparent Detection Methods 108
    Good Bot Detection 109
    Good Bot Categories 111
    IP Intelligence 115
    Cookie Handling 118
    JavaScript Execution Handling 119
    Device Intelligence 120
    Proof of Work 123
    Behavioral Biometric Detection 125
    Headless Browser Detection 128
    User-Behavior Anomaly Detection 130
    Email Intelligence 135
    Advanced PII Data Assessment 140
    Risk Scoring 142
    Formula 143
    Consuming the Risk Score 144
    Summary 145

Chapter 5 Assessing Detection Accuracy 147
    Prerequisites 148
    High-Level Assessment 149
    Website Structure 150
    Website Audience 151
    Types of Clients 151
    Assessing the Shape of the Traffic 152
    Quantitative Assessment (Volume) 155
    Feedback Loop 156
    Response Strategy Assessment 158
    Low-Level Assessment 158
    IP Intelligence 159
    Device Intelligence 163
    Assessment Guidelines 168
    Identifying Botnets 170
    Botnet Case Study 173
    The Evening Crawler 174
    The Sprint Scraper 175
    The Night Crawler 176
    The Cloud Scraper 177
    Summary 177

Chapter 6 Defense and Response Strategy 179
    Developing a Defense Strategy 180
    Do-It-Yourself 180
    Buying a Bot Management Product from a Vendor 182
    Defense in Depth 184
    Technology Stack to Defend Against Bots and Fraud 186
    Detection Layer to Protect Against Bot Attacks 186
    Detection Layer to Protect Against Online Fraud 188
    Response Strategies 189
    Simple Response Strategies 190
    Advanced Response Strategies 191
    Operationalization 193
    Mapping a Response Strategy to a Risk Category 193
    Preparing for Special Events 195
    Defending Against CAPTCHA Farms 196
    Summary 197

Chapter 7 Internet User Privacy 199
    The Privacy vs. Security Conundrum 199
    The State of Privacy and Its Effect on Web Security 201
    IP Privacy 201
    Cookie Tracking Prevention 204
    Anti-fingerprinting Technology 206
    The Private Access Token Approach 213
    The High-Level Architecture 214
    The PAT Workflow 214
    PAT Adoption 216
    Summary 218

References 219
Index 223