Mitigating “Sentry MBA” - Credentials Stuffing Threat

“Credentials stuffing” attack technique became a very popular way nowadays to brute force user accounts over web applications’ login pages. Instead of trying to guess a certain user password from a g...

Published Jan 17, 2017

Version 1.0

Historic F5 Account

Joined May 04, 2019

View Profile

samstep

Cirrocumulus

Oct 15, 2017

Where this fails miserably is on mobile apps and AJAX/JSON API requests as these do not support JavaScript and as a result ASM simply blindly blocks all traffic. CAPTCHA is also not working here as CAPTCHA image response do not work with JSON/API responses. Further work is needed by the ASM Product Development team to introduce more programmability of ASM features such as Brute Force protection and CAPTCHA in iRules

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Mitigating “Sentry MBA” - Credentials Stuffing Threat

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS