There are a huge number of automated attack tools available that can spider and mirror application content, extract confidential material, discover code injection flaws, fuzz application variables for exploitable overflows, scan for common files or vulnerable CGIs and generally attack or exploit web-based application flaws.
These tools are very useful to security professionals but have also become an increasingly popular choice for attackers. This paper will explore techniques that can be used to protect applications against these tools and discuss solutions capable of stopping the next generation of automated attack tools.