{"product_id":"the-reign-of-botnets-isbn-9781394262410","title":"The Reign of Botnets","description":"\u003cp\u003e\u003cb\u003eA top-to-bottom discussion of website bot attacks and how to defend against them\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eThe Reign of Botnets: Defending Against Abuses, Bots and Fraud on the Internet,\u003c\/i\u003e fraud and bot detection expert David Senecal delivers a timely and incisive presentation of the contemporary bot threat landscape and the latest defense strategies used by leading companies to protect themselves. The author uses plain language to lift the veil on bots and fraud, making a topic critical to your website's security easy to understand and even easier to implement. \u003c\/p\u003e\u003cp\u003eYou'll learn how attackers think, what motivates them, how their strategies have evolved over time, and how website owners have changed their own behaviors to keep up with their adversaries. You'll also discover how you can best respond to patterns and incidents that pose a threat to your site, your business, and your customers. \u003c\/p\u003e\u003cp\u003eThe book includes: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eA description of common bot detection techniques exploring the difference between positive and negative security strategies and other key concepts\u003c\/li\u003e \u003cli\u003eA method for assessing and analyzing bot activity, to evaluate the accuracy of the detection and understand the botnet sophistication\u003c\/li\u003e \u003cli\u003eA discussion about the challenge of data collection for the purpose of providing security and balancing the ever-present needs for user privacy\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eIdeal for web security practitioners and website administrators, \u003ci\u003eThe Reign of Botnets\u003c\/i\u003e is the perfect resource for anyone interested in learning more about web security. It's a can't-miss book for experienced professionals and total novices alike. 
Introduction \u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter 1 A Short History of the Internet\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFrom ARPANET to the Metaverse\u003c\/p\u003e \u003cp\u003eThe Different Layers of the Web\u003c\/p\u003e \u003cp\u003eThe Emergence of New Types of Abuses\u003c\/p\u003e \u003cp\u003eThe Proliferation of Botnets\u003c\/p\u003e \u003cp\u003eQuantifying the Bot Traffic Volume on the Internet\u003c\/p\u003e \u003cp\u003eBotnets Are Unpredictable\u003c\/p\u003e \u003cp\u003eBot Activity and Law Enforcement\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 The Most Common Attacks Using Botnets\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAccount Takeover\u003c\/p\u003e \u003cp\u003eData Harvesting\u003c\/p\u003e \u003cp\u003eCredential Harvesting\u003c\/p\u003e \u003cp\u003eAccount Takeover\u003c\/p\u003e \u003cp\u003eTargeted ATO Attacks\u003c\/p\u003e \u003cp\u003eA Credential Stuffing Attack Example\u003c\/p\u003e \u003cp\u003eAccount Opening Abuse\u003c\/p\u003e \u003cp\u003eThe Tree Hiding the Forest\u003c\/p\u003e \u003cp\u003eFraud Ring\u003c\/p\u003e \u003cp\u003eWeb Scraping\u003c\/p\u003e \u003cp\u003eThe Intent Behind Scraping by Industry\u003c\/p\u003e \u003cp\u003eGood Bot Scraping\u003c\/p\u003e \u003cp\u003eInventory Hoarding\u003c\/p\u003e \u003cp\u003eBusiness Intelligence\u003c\/p\u003e \u003cp\u003eScalping: Hype Events\u003c\/p\u003e \u003cp\u003eOnline Sales Events Mania and Scalping\u003c\/p\u003e \u003cp\u003eThe Retailer Botnet Market\u003c\/p\u003e \u003cp\u003eAnatomy of a Hype Event\u003c\/p\u003e \u003cp\u003eCarding Attacks\u003c\/p\u003e \u003cp\u003eGift Cards\u003c\/p\u003e \u003cp\u003eCredit Card Stuffing\u003c\/p\u003e \u003cp\u003eSpam and Abusive Language\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 The Evolution of Botnet 
Attacks\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIncentive vs. Botnet Sophistication\u003c\/p\u003e \u003cp\u003eHTTP Headers 101\u003c\/p\u003e \u003cp\u003eCommon HTTP Headers\u003c\/p\u003e \u003cp\u003eLegitimate Browser Signatures\u003c\/p\u003e \u003cp\u003eHeader Signatures from Bot Requests\u003c\/p\u003e \u003cp\u003eThe Six Stages of a Botnet Evolution\u003c\/p\u003e \u003cp\u003eStage 1: Deploy the Botnet on a Handful of Nodes Running a Simple Script\u003c\/p\u003e \u003cp\u003eStage 2: Scale the Botnet and Impersonate the Browsers' Header Signatures\u003c\/p\u003e \u003cp\u003eStage 3: Reverse Engineer JavaScript and Replay Fingerprints\u003c\/p\u003e \u003cp\u003eStage 4: Force the Web Security Product to Fail Open\u003c\/p\u003e \u003cp\u003eStage 5: Upgrade the Botnet to a Headless Browser\u003c\/p\u003e \u003cp\u003eStage 6: Resort to Human\/Manual Attack\u003c\/p\u003e \u003cp\u003eBotnets with CAPTCHA-Solving Capabilities\u003c\/p\u003e \u003cp\u003eHuman-Assisted CAPTCHA Solver\u003c\/p\u003e \u003cp\u003eComputer Vision\u003c\/p\u003e \u003cp\u003eThe CAPTCHA Solver Workflow\u003c\/p\u003e \u003cp\u003eAI Botnets\u003c\/p\u003e \u003cp\u003eThe Botnet Market\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Detection Strategy\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eData Collection Strategy\u003c\/p\u003e \u003cp\u003ePositive vs. 
Negative Security\u003c\/p\u003e \u003cp\u003eThe Evolution of the Internet Ecosystem\u003c\/p\u003e \u003cp\u003eThe Evolution of Detection Methods\u003c\/p\u003e \u003cp\u003eInteractive Detection\u003c\/p\u003e \u003cp\u003eTransparent Detection\u003c\/p\u003e \u003cp\u003eThe State of the Art\u003c\/p\u003e \u003cp\u003eTransparent Detection Methods\u003c\/p\u003e \u003cp\u003eGood Bot Detection\u003c\/p\u003e \u003cp\u003eGood Bot Categories\u003c\/p\u003e \u003cp\u003eIP Intelligence\u003c\/p\u003e \u003cp\u003eCookie Handling\u003c\/p\u003e \u003cp\u003eJavaScript Execution Handling\u003c\/p\u003e \u003cp\u003eDevice Intelligence\u003c\/p\u003e \u003cp\u003eProof of Work\u003c\/p\u003e \u003cp\u003eBehavioral Biometric Detection\u003c\/p\u003e \u003cp\u003eHeadless Browser Detection\u003c\/p\u003e \u003cp\u003eUser-Behavior Anomaly Detection\u003c\/p\u003e \u003cp\u003eEmail Intelligence\u003c\/p\u003e \u003cp\u003eAdvanced PII Data Assessment\u003c\/p\u003e \u003cp\u003eRisk Scoring\u003c\/p\u003e \u003cp\u003eFormula\u003c\/p\u003e \u003cp\u003eConsuming the Risk Score\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Assessing Detection Accuracy\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrerequisites\u003c\/p\u003e \u003cp\u003eHigh-Level Assessment\u003c\/p\u003e \u003cp\u003eWebsite Structure\u003c\/p\u003e \u003cp\u003eWebsite Audience\u003c\/p\u003e \u003cp\u003eTypes of Clients\u003c\/p\u003e \u003cp\u003eAssessing the Shape of the Traffic\u003c\/p\u003e \u003cp\u003eQuantitative Assessment (Volume)\u003c\/p\u003e \u003cp\u003eFeedback Loop\u003c\/p\u003e \u003cp\u003eResponse Strategy Assessment\u003c\/p\u003e \u003cp\u003eLow-Level Assessment\u003c\/p\u003e \u003cp\u003eIP Intelligence\u003c\/p\u003e \u003cp\u003eDevice Intelligence\u003c\/p\u003e \u003cp\u003eAssessment 
Guidelines\u003c\/p\u003e \u003cp\u003eIdentifying Botnets\u003c\/p\u003e \u003cp\u003eBotnet Case Study\u003c\/p\u003e \u003cp\u003eThe Evening Crawler\u003c\/p\u003e \u003cp\u003eThe Sprint Scraper\u003c\/p\u003e \u003cp\u003eThe Night Crawler\u003c\/p\u003e \u003cp\u003eThe Cloud Scraper\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Defense and Response Strategy\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDeveloping a Defense Strategy\u003c\/p\u003e \u003cp\u003eDo-It-Yourself\u003c\/p\u003e \u003cp\u003eBuying a Bot Management Product from a Vendor\u003c\/p\u003e \u003cp\u003eDefense in Depth\u003c\/p\u003e \u003cp\u003eTechnology Stack to Defend Against Bots and Fraud\u003c\/p\u003e \u003cp\u003eDetection Layer to Protect Against Bot Attacks\u003c\/p\u003e \u003cp\u003eDetection Layer to Protect Against Online Fraud\u003c\/p\u003e \u003cp\u003eResponse Strategies\u003c\/p\u003e \u003cp\u003eSimple Response Strategies\u003c\/p\u003e \u003cp\u003eAdvanced Response Strategies\u003c\/p\u003e \u003cp\u003eOperationalization\u003c\/p\u003e \u003cp\u003eMapping a Response Strategy to a Risk Category\u003c\/p\u003e \u003cp\u003ePreparing for Special Events\u003c\/p\u003e \u003cp\u003eDefending Against CAPTCHA Farms\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Internet User Privacy\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Privacy vs. 
Security Conundrum\u003c\/p\u003e \u003cp\u003eThe State of Privacy and Its Effect on Web Security\u003c\/p\u003e \u003cp\u003eIP Privacy\u003c\/p\u003e \u003cp\u003eCookie Tracking Prevention\u003c\/p\u003e \u003cp\u003eAnti-fingerprinting Technology\u003c\/p\u003e \u003cp\u003eThe Private Access Token Approach\u003c\/p\u003e \u003cp\u003eThe High-Level Architecture\u003c\/p\u003e \u003cp\u003eThe PAT Workflow\u003c\/p\u003e \u003cp\u003ePAT Adoption\u003c\/p\u003e \u003cp\u003eSummary\u003c\/p\u003e \u003cp\u003eReferences\u003c\/p\u003e \u003cp\u003eIndex\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eDavid Sénécal\u003c\/b\u003e is a Principal Product Architect at Akamai Technologies, leading a team of researchers, developers, and data scientists to build the next generation of fraud and abuse products. He has over twenty years of experience in network and web security and has dedicated the last 14 years to building bot management products. He’s a regular blogger and speaker at events like the OWASP Global Appsec conference. He was integrally involved in the development and maturation of the bot management concept in the cybersecurity industry.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eA start-to-finish presentation of how to defend against bot attacks on the web for security newbies and veterans\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eThe Reign of Botnets: Defending Against Abuses, Bots and Fraud on the Internet\u003c\/i\u003e, veteran bot and fraud detection expert, David Senecal, delivers an up-to-date and comprehensive discussion of the bot threat landscape and the cutting-edge defense strategies used by the world’s leading companies to defend against it. The author uses plain language to lift the veil on bots and fraud, making the topics easy to understand for web security professionals and website owners. 
\u003c\/p\u003e\u003cp\u003eIn the book, you’ll find powerful insights into the evolution of bot attacks and defense strategies, the motivations of the attackers, how detection methods work, and how to analyze your site’s traffic so you can best respond to patterns and incidents that pose a threat to your business. You’ll also discover how to strike a balance between the ever-present needs for user privacy and security. \u003c\/p\u003e\u003cp\u003ePerfect for web security professionals and website administrators, \u003ci\u003eThe Reign of Botnets \u003c\/i\u003eis ideal for anyone who wants to learn more about security on the web. It’s a can’t-miss resource for total novices and experienced security practitioners alike.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990328197349,"sku":"NP9781394262410","price":40.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394262410.jpg?v=1761787375","url":"https:\/\/k12savings.com\/products\/the-reign-of-botnets-isbn-9781394262410","provider":"K12savings","version":"1.0","type":"link"}