Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

The industrial age of website bots: How to detect and block automated attacks

Ido Safruti (PerimeterX), Ariel Sirota (PerimeterX)
13:30–17:00 Wednesday, 9 November, 2016
Tech, tools, and processes
Location: E102 Level: Beginner
Average rating: ***..
(3.50, 6 ratings)

Prerequisite knowledge

  • Basic computer skills (i.e., must be comfortable installing packages and running simple scripts and tools)
  • A basic understanding of the Web

Materials or downloads needed in advance

  • A laptop with tools and libraries/code samples downloaded and installed (will be provided prior to the session)

What you'll learn

  • Gain an awareness of threats from malicious bots
  • Learn how some of these bots operate
  • Explore open source tools and techniques to detect and better manage bots


Bots, or nonhuman automated tools, are growing in popularity and create a real threat to websites and applications. Bots are ideal workers for repetitive and complex tasks and can easily and efficiently run on different hosts and cloud services or as malware on infected machines. Bots are participating in different types of attacks impacting all types of applications and businesses—performing the entire scale of attacks from scraping, account abuse (account creation or account takeover), credit card and coupon guessing, application layer distributed denial of service (L7 DDoS), scalping, and click fraud. Bots range in complexity and abilities from simple scripts to full browser-based tools that can render complex pages and even solve CAPTCHA challenges.

Ido Safruti and Ariel Sirota review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted. In order to detect and protect from different bots, Ido and Ariel first introduce a few common bots used by attackers, like PhantomJS and Selenium, to create a testing environment and verify that we can efficiently detect such tools. Ido and Ariel then explore a variety of techniques and open source tools and libraries you can use in order to detect different bots and outlines the things to consider when blocking them, once suspecting a request as being originated by a bot, such as:

  • Blocking users not supporting JavaScript and cookies
  • Sending hidden challenges that will bother bots but won’t affect real users’ experience
  • Honeypots and traps to catch malicious automatic tools
  • Detecting and white-listing the good bots
Photo of Ido Safruti

Ido Safruti


Ido Safruti is the cofounder and CTO at PerimeterX, which is building a behavior-based web security service. Previously, Ido headed a product group in Akamai focusing on web performance and scalability. Ido joined Akamai through the acquisition of Cotendo, where he led product and strategy. His earlier roles include GM in charge of product engineering and operation, R&D manager, chief scientist, and head of engineering at various companies and the Israeli intelligence, where he focused on high-capacity, large-scale web and network services and cybersecurity systems.

Photo of Ariel Sirota

Ariel Sirota


Ariel Sirota is vice president of engineering at PerimeterX. Ariel has over 19 years of experience in building network security products and managing large product development and engineering teams. Previously, Ariel headed the engineering organization, including a team of over 80 developers, at Check Point Software Technologies, focusing on endpoint security and security management products, was R&D manager and head of engineering at BMC Software, and held leadership positions at New Dimension Software prior to its acquisition by BMC.