on 30-Oct-202218:00 - edited on 27-Apr-202315:04 by LiefZimmerman
Introduction:
In this OWASP Automated Threat Article we'll be highlighting OAT-013 Sniping with some basic threat information as well as a recorded demo to dive into the concepts deeper. In our demo we'll explain how sniping works to leave insufficient time for another user to bid on a product. We'll wrap it up by highlighting F5 Bot Defense to show how we solve this problem for our customers.
Sniping Description:
The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service.In contrast, OAT-005 Scalping is the acquisition of limited availability of sought-after goods or services, and OAT-006 Expediting is the general hastening of progress.
Higher proportion of failed payment authorisations
Disproportionate use of the payment step
Increased chargebacks
Multiple failed payment authorizations from the same user and/or IP address and/or User Agent and/or session and/or deviceID/fingerprint
Sniping Presentation:
In this presentation we will be discussing how attackers leverage automation to execute sniping bids against the application to win last second bids. We'll then show you how to quickly protect you application with F5 Distributed Cloud Bot Defense.
In Conclusion:
Sniping remains a very common practice to win auctions where bidding is based on timing and last minute execution of that bid. It is very preventable if appropriate anti-automation controls are put into place.
