17. Problems
• We don’t know what people are doing
• We don’t know how often they are doing it
• We don’t know how effective we are
• We don’t have enough resources to keep up
18. Goals
• Reduce noise
• Generate better signal
• Reduce operational overhead
• Build better business cases
• Spend energy on the really important stuff
21. Tie up the loose ends with static configuration
22. Static configuration checklist
• At least a B+ rating on SSL Labs*
• Reject extensions that you don’t want to accept
• Reject known bad user agents
• Reject specific known bad actors
• Custom error pages that fit your application
• Basic secure headers
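One way to cover the checklist above in a single front-end configuration, as an added example that is not from the original slides. It assumes nginx (the slides do not name a web server); the hostname, paths, addresses and User-Agent patterns are constructed placeholders.

```nginx
# Added example. Assumption: nginx; the slides do not name a web server.
# Hostname, paths, addresses and User-Agent patterns are constructed placeholders.

# Reject known bad user agents (http{} context).
map $http_user_agent $blocked_ua {
    default                    0;
    ""                         1;   # empty User-Agent
    ~*(sqlmap|nikto|masscan)   1;   # sample scanner strings; maintain your own list
}

# Reject specific known bad actors by source address (http{} context).
geo $blocked_ip {
    default          0;
    192.0.2.10       1;   # documentation-range placeholders
    198.51.100.0/24  1;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # protocol support is one input to the SSL Labs grade

    # Basic secure headers; "always" also sets them on error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;

    # Custom error pages that fit the application instead of the server defaults.
    error_page 403 404 /errors/4xx.html;
    error_page 500 502 503 504 /errors/5xx.html;
    location ^~ /errors/ { internal; root /var/www/app; }

    # Reject extensions this application never serves.
    location ~* \.(php|asp|aspx|jsp|cgi|bak|sql)$ { return 404; }

    location / {
        # Checks live here, not at server level, so the error_page redirect is not blocked again.
        if ($blocked_ua) { return 403; }
        if ($blocked_ip) { return 403; }
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Run `nginx -t` before reloading; if a proxy or load balancer sits in front, `geo` sees the proxy address unless the real client address is restored first.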
87. “Of course machines can't think as people do. A machine is different from a person. Hence, they think differently.” -- Alan Turing, The Imitation Game
88. You can often render bots useless with small changes