Threat Spotlight: Automated attacks on web applications