Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK
Introduction
The number of automated attacks that target mobile devices is increasing rapidly each year, causing major financial damage across industries. Today, malicious bots are launched in droves to attack our mobile devices and apps, where most of our online activity happens.
Unfortunately for developers of mobile apps, many techniques used by traditional bot-defense solutions are not supported by native mobile apps. As a result, if developers do not take precautions, their back-end mobile API components can be exposed to automated attacks such as content scraping, denial of service (DoS), credential stuffing, fake account creation, and a host of others.
F5's Mobile SDK is a component of the F5 Distributed Cloud (F5 XC) Bot Defense service. It is designed to protect requests made by native mobile apps. Similar to the web JavaScript solution, the Bot Defense Mobile SDK works by gathering telemetry on the mobile device and sending it to the Bot Defense server as headers with the protected requests. The Bot Defense Mobile SDK exists for both iOS and Android, and functions similarly on both platforms.
Demo:
In our first demo, we're going to navigate through the WAAP (Web App & API Protection) Connector for Distributed Cloud Bot Defense and step through the configuration items to protect a mobile application endpoint.
In Conclusion:
A mobile app is a prime target for attack because it is so ubiquitous and has traditionally been difficult to secure. Software Development Kits (SDKs) such as the F5 Bot Defense Mobile SDK eliminate that difficulty and enable app developers to quickly integrate critical security features into their code without having to write additional code themselves.
F5 Related Content
- Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation)
- F5 Bot Defense Solutions
- F5 Fraud Solutions
- F5 Authentication Intelligence
- The OWASP Automated Threats Project
- OWASP Automated Threats - CAPTCHA Defeat (OAT-009)
- OWASP Automated Threats - Credential Stuffing (OAT-008)
- OWASP Automated Threats - OAT-001 Carding
- Operationalizing Online Fraud Detection, Prevention, and Response
- JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)
- How Attacks Evolve From Bots to Fraud: Part 1
- How Attacks Evolve From Bots to Fraud: Part 2
- F5 Distributed Cloud Bot Defense (Overview and Demo)