The average organization lost 3.6% of revenue to bot-based business logic attacks in 2020. These automated attacks are carried out en-masse and can remain undetected for three months if attackers’ tactics are not identified. During this talk, we will carry out a live credential stuffing attack to demonstrate their impact, how easy it is to launch a business logic attack, and how to stop them.