Whether you are building a large application, or a small form for your running club, bot attacks are an annoying reality. If you’ve found your way to this page, it’s likely that your beloved sites and APIs are under some form of attack. I’ve written this guide to teach you some of the defensive moves I’ve learned over the last decade working as a software engineer for security companies (BlackBerry), companies with large volume bot detection issues (Facebook) and most recently a small startup with direct security focus (UnifyID).