Mitigating “Sentry MBA” - Credentials Stuffing Threat
Published Jan 17, 2017
Version 1.0Was this article helpful?
Where this fails miserably is on mobile apps and AJAX/JSON API requests as these do not support JavaScript and as a result ASM simply blindly blocks all traffic. CAPTCHA is also not working here as CAPTCHA image response do not work with JSON/API responses. Further work is needed by the ASM Product Development team to introduce more programmability of ASM features such as Brute Force protection and CAPTCHA in iRules