2021 OWASP Global AppSec talk on open source for anti-bot

2021-11-11 — Written by Randy Gingeleski — 2 min read
#appsec  #botting  #talks 
Information on my 2021 OWASP Global AppSec US talk ‘How to Thwart Malicious Automation and Kick Bot Butt for $0’.
Read more →

Towards a general anti-automation and botting program

2021-07-31 — Written by Randy Gingeleski — 40 min read
#appsec  #botting  #initiatives  #papers 
Despite what vendors will tell you, defending against malicious automation and ‘bots’ takes a multi-pronged approach.
Read more →

Weaponizing Apify for mass bug bounty $$$

2021-01-16 — Written by Randy Gingeleski — 4 min read
#hacks 
This time we try that funny Akamai ARL business across 5,000,000+ targets, with help from Apify.
Read more →

Hacking naked Akamai ARL at scale

2021-01-15 — Written by Randy Gingeleski — 2 min read
#hacks 
Trying to load arbitrary content via abandoned Akamai on 2,259 plus 1 bounty targets.
Read more →

Defeating Parler’s proprietary CAPTCHA

2021-01-11 — Written by Randy Gingeleski — 3 min read
#appsec  #botting  #hacks 
Before the now-infamous Parler social network’s disappearance, we assessed their ‘roll-your-own’ CAPTCHA.
Read more →