
Brute Force Prevention For Mobile Application

Muhammad_Faroo1
Nimbostratus

Hi dev community,

 

BF Protection works like a charm for web applications.

I have a very specific requirement to configure BF protection for mobile applications. What are the possibilities to protect a mobile application against brute force when we do not have a mobile SDK license and the authentication method used in the mobile app is JWT (JSON Web Token)?

 

Thanks.

2 REPLIES

Hi,

What kind of brute force attacks do you expect on this authentication method?

You could configure the BIG-IP to validate the JWT token. I am guessing now - is the mobile app accessing some kind of API and the JWT is used for authentication? Then maybe you want to look at APM and API Protection. You can do token validation and rate limiting with API Protection.

Link: API Protection Concepts

 

Another good read on JWT is this one: JWT: A How Not to Guide

 

I hope this is a good starting point for you.

 

KR

Daniel

 

Muhammad_Faroo1
Nimbostratus

Hi,

I have noticed that on the mobile application there are more than 100 hits per second, making the application unavailable. Yes, the mobile app is using an API and JWT is used for authentication. I am unable to define the login page because there is no username or password element that I could figure out. Definitely, I will look at API Protection.

 

Thank you

 

BR,

Muhammad
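The token validation plus rate limiting idea from the reply above, as an added sketch that is not part of the thread and is not BIG-IP or APM configuration: with no username or password field to anchor on, the limiter is keyed on the validated JWT `sub` claim, and requests with invalid tokens are charged to the source address. The HS256 shared key, the names `make_token`, `verify_token` and `ApiGate`, and the rate and burst values are all assumptions; the tokens and addresses are constructed.

```python
import base64, hashlib, hmac, json

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 token for the demo below."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_token(token, key, now):
    """Return the claims if signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, TypeError, AttributeError):
        return None

class ApiGate:
    """Token bucket per JWT subject; bad tokens are charged to the source IP."""
    def __init__(self, key, rate=5.0, burst=10):
        self.key, self.rate, self.burst = key, rate, burst
        self.buckets = {}  # limiter key -> (tokens left, time of last request)

    def _take(self, who, now):
        tokens, last = self.buckets.get(who, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[who] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def check(self, token, client_ip, now):
        claims = verify_token(token, self.key, now)
        if claims is None:
            return 401 if self._take("ip:" + client_ip, now) else 429
        return 200 if self._take("sub:" + str(claims.get("sub")), now) else 429

def demo():
    gate = ApiGate(b"constructed-demo-key")
    flood = make_token({"sub": "device-1", "exp": 2000}, b"constructed-demo-key")
    # 100 requests in the same second, as in the traffic described in the thread
    return [gate.check(flood, "198.51.100.7", 1000.0) for _ in range(100)].count(200)
```

Mobile clients behind carrier NAT can share one source address, so the per-IP bucket for invalid tokens usually needs a looser limit than the per-subject one.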