Explore the intricacies of detecting malicious bots using machine learning in this 23-minute OWASP Foundation conference talk. Delve into the challenges posed by sophisticated bot developers who design software to bypass detection systems, including their use of perfect browsers, mobile apps, and headless browsers. Learn about the complex techniques employed by bad bots, such as manipulating HTTP headers, changing browser fingerprints, and utilizing residential IPs. Discover the inner workings of a modern bot detection engine, including the collection and enrichment of server-side and client-side signals. Examine the challenges of authenticating good bots and detecting frameworks like Puppeteer extra stealth, Playwright, Selenium, and Headless Chrome. Gain insights into machine learning approaches for bad bot detection, with a focus on combining supervised and unsupervised techniques for maximum predictive accuracy. Understand key concepts such as automated threats, single-request attacks, residential proxies, and ongoing attack detection through real-world examples and case studies.
Temporal - Bot or Human? Detecting Malicious Bots with Machine Learning in 2021