How to Prevent Account Takeover Attacks - John Chirhart - ASW #109

35:26
 
By Paul Asadoorian and Security Weekly.

Attackers are using methods such as password spraying and credential theft to commit fraud against websites at an alarming rate. Automated bots help attackers conduct these operations at scale. Your defensive strategy should include a mechanism to determine whether a session is being controlled by a real user or a bot. How can we best accomplish this without creating too much friction between real users and your web applications?

To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha

To register for our upcoming webcast with Google Cloud: https://attendee.gotowebinar.com/register/886342018982842384?source=ASW

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode109
