Web applications have become the mainstay of the business world. Whether it's the backend of a mobile app that connects users to your product or your public facing website, one thing remains the same web apps have become just as important in doing business as brick-and-mortar operations. Yet we sometimes overlook the need to secure our online applications.
To complicate matters, there's been a huge increase in bots which now makes up 61 percent of all website traffic. Cheap cloud computing resources and open source software have enabled attackers to launch bot attacks faster and at a lower cost than ever before. Hackers use bots to uncover website security vulnerabilities – at scale – then spread their attack origins across hundreds of IPs. Bad bots are now the key culprits behind web scraping, online fraud, reconnaissance attacks, man-in-the-browser attacks, brute force attacks and application denial of service.
Securing web apps from the millions of bad bots that attempt to penetrate them each year can seem like a daunting task. John Stauffacher, a world renowned expert in web application security, and the author of Web Application Firewalls: A Practical Approach, recently sat down with Rami Essaid, CEO of Distil Networks, to brainstorm actionable ways organizations can defend their web applications from malicious bots. The good news is that you can quickly shore up your defenses by following a few simple rules, as well as implementing controls within your application development lifecycle.