on 28-Dec-2022 05:00 - edited on 27-Apr-2023 14:32 by LiefZimmerman
In this OWASP Automated Threat article we'll be highlighting OAT-005 Scalping with some basic threat information as well as a recorded demo to dive deeper into the concepts. In our demo we'll show how automation is used to monitor and wait for goods or services to become available and then take rapid action to beat normal users to obtain them. We'll wrap it up by highlighting F5 XC Bot Defense to show how we solve this problem for our customers.
Acquisition of goods or services using the application in a manner that a normal user would be unable to undertake manually.
Scalping may include monitoring for the availability of goods or services and then taking rapid action to beat normal users to obtain them. It also includes the additional concept of limited availability of sought-after goods or services, and is best known in the ticketing business, where the scalpers later resell the acquired tickets at a profit.
Obtain limited-availability and/or preferred goods/services by unfair methods.
OAT-005 Attack Demographics:
Data Commonly Misused
Other Names and Examples
High peaks of traffic for certain limited-availability goods or services
Increased circulation of limited goods reselling on secondary market
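One way to look for the monitor-then-buy pattern and the traffic peak described above in your own access logs, as an added example that is not part of the original article and does not represent how F5 Distributed Cloud Bot Defense works. The log format, the `/stock` and `/checkout` paths, the client identifiers and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): timestamp, client, method, path
SAMPLE_LOG = """\
2023-01-10T09:59:57.000 bot-1 GET /item/42/stock
2023-01-10T09:59:57.500 bot-1 GET /item/42/stock
2023-01-10T09:59:58.000 bot-1 GET /item/42/stock
2023-01-10T09:59:58.500 bot-1 GET /item/42/stock
2023-01-10T09:59:59.000 bot-1 GET /item/42/stock
2023-01-10T09:59:59.500 bot-1 GET /item/42/stock
2023-01-10T09:59:40.000 user-7 GET /item/42/stock
2023-01-10T10:00:00.200 bot-1 POST /item/42/checkout
2023-01-10T10:00:03.000 user-7 GET /item/42/stock
2023-01-10T10:00:21.000 user-7 POST /item/42/checkout
2023-01-10T10:00:00.400 user-9 POST /item/42/checkout
"""

def parse(log_text):
    """Yield (timestamp, client, method, path) from whitespace-separated lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, method, path = parts
        yield datetime.fromisoformat(ts), client, method, path

def flag_scalpers(log_text, release, window_s=60, min_polls=5, max_reaction_s=1.0):
    """Flag clients that polled availability at least `min_polls` times in the
    `window_s` seconds before `release` AND checked out within `max_reaction_s` after it."""
    polls, first_checkout = defaultdict(int), {}
    for ts, client, method, path in parse(log_text):
        if method == "GET" and path.endswith("/stock"):
            if timedelta(0) < release - ts <= timedelta(seconds=window_s):
                polls[client] += 1
        elif method == "POST" and path.endswith("/checkout") and ts >= release:
            first_checkout[client] = min(ts, first_checkout.get(client, ts))
    flagged = []
    for client, ts in first_checkout.items():
        reaction = (ts - release).total_seconds()
        # Both signals are required: a fast checkout alone may be a lucky human.
        if polls[client] >= min_polls and reaction <= max_reaction_s:
            flagged.append((client, polls[client], reaction))
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_scalpers(SAMPLE_LOG, datetime(2023, 1, 10, 10, 0, 0)))
```

In the constructed log only `bot-1` is flagged; `user-9` checks out quickly but never polled, and `user-7` polled once and took 21 seconds, so neither meets both conditions.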
In this demo we will be showing a simple example of how automation is used to monitor and wait for goods or services to become available and then take rapid action to beat normal users to obtain them. We'll then have a look at the same attack with F5 Distributed Cloud Bot Defense protecting the application.
Scalping bots are a real problem for organizations and customers: they are part of a vast ecosystem built to acquire large amounts of inventory at scale and sell it for a profit. F5 has the solutions to provide superior efficacy to interrupt and stop this unwanted automation.