Explore the potential of browser-based botnets in this 48-minute OWASP Foundation conference talk by Jeremiah Grossman and Matt Johanssen. Discover how online advertising networks can be exploited to distribute malicious JavaScript, creating large-scale browser botnets for pennies. Learn about the real-world implications of this technique, including DDoS attacks, spam campaigns, and password cracking. Examine the power of HTML5 and JavaScript in commandeering browsers without leaving traces. Understand why traditional methods of creating botnets fall short compared to leveraging advertising networks. Gain insights into the economics of browser renting and witness live demonstrations of attacks against well-protected targets. Delve into topics such as Cross-Site Request Forgery, application-level DDoS, and the challenges of web security in this eye-opening presentation.