Blog

In a world where malicious bots roam the internet like hungry lions seeking vulnerable applications to devour, application owners are forced to make tough decisions between streamlined, user-friendly workflows and the need to interrupt user experience with bot protection techniques like CAPTCHA. We’re all tired of the user-experience of having an extra bit of work to do when filling out and submitting web forms. Who’s got time for that? However, malicious bots can and do cause real harm for countless organizations, especially as credential stuffing and account takeover attacks grow more and more sophisticated.

Ed Amoroso, Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company, recently published a great article on the potential for DDOS attacks to disrupt the upcoming election. In it, he gives great insight into how L3/L4 volumetric DDOS works and how they can be used against the facilities that collect and tabulate votes from regional sites. 

“We are all just prisoners here of our own device.” 
--The Eagles  

“Help me get rid of some of this stuff, or I’m gonna f’n lose it.”
--Anonymous CISO 

Credential stuffing attacks are some of the most common bot-based threats facing applications today. Virtually any site or application with a login page is a potential target for credential stuffing. In this blog, we take a look at what credential stuffing is, how it can impact your apps and users, and how you can use the ThreatX WAAP++ to keep yourself protected.  

Bad bots and malicious automation are one of the few technology challenges that can materially impact on every business team inside an organization. With up to 50% of Internet traffic generated by bots, organizations are awash in a sea of automated visitors. Some bots are benign, others aren’t. Those that aren't can interfere with customer acquisition. They steal data and intellectual property. They erode application performance. They directly defraud businesses.

I’m a big fan of the ThreatX agentless architecture. It simplifies many of aspects of deployment and side-steps a lot of the problems with agent-based architecture.

Most anyone who works in application security can tell you that the traditional WAF model has not aged gracefully over the past few years. Facing new challenges from bots, API-based threats, DDoS attacks, and sophisticated evasive attackers, the old guard of WAFs have bolted on module after module in an attempt to keep pace. This has, unsurprisingly, resulted in more complexity, the need for more AppSec talent, and the inability to protect an over-growing application attack surface.