
Anti-Automation Swedish Style

March 2011 by Imperva

The success of hacking relies on automation—but it can also be a critical weakness. How? Think about slowing the hacker's activity down to the point where it won’t be worthwhile for that cyber-criminal to hack your application, leaving the hacker to move on to another target.

There are different ways to slow down an attacker. For example, you can use CAPTCHAs (this one is not recommended, though it’s pretty cool), adaptive authentication, and access and click rate controls.

There are attacks where slowing down the attacker is a good mitigation. Many automated attacks rely on issuing requests at a high rate, such as brute forcing a password. If the attacker can only check 1000 password guesses a day instead of 1000 in a second, then the attack has been hampered.
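One way to get from 1000 guesses a second to roughly 1000 a day is a per-account failed-login throttle with capped exponential backoff. The sketch below is an added example, not code from the original article; the class name, parameters and default values are assumptions chosen for illustration.

```python
# Added example: per-account failed-login throttle with capped exponential backoff.
# LoginThrottle, time_to_try and all default values are illustrative assumptions.
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    base_delay: float = 1.0   # lockout (seconds) after the first counted failure
    max_delay: float = 90.0   # ceiling; 86400 / 90 = 960 guesses per day at most
    free_failures: int = 3    # typos a real user may make before delays start
    _state: dict = field(default_factory=dict)  # account -> (failures, locked_until)

    def allowed(self, account: str, now: float) -> bool:
        """True if a login attempt for this account may be evaluated at `now`."""
        return now >= self._state.get(account, (0, 0.0))[1]

    def record(self, account: str, success: bool, now: float) -> float:
        """Record an attempt's outcome; return the lockout (seconds) now in force."""
        if success:
            self._state.pop(account, None)  # a successful login resets the counter
            return 0.0
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_failures
        if over <= 0:
            delay = 0.0
        else:
            # Clamp the exponent so very long attacks cannot overflow the float.
            delay = min(self.base_delay * 2 ** min(over - 1, 32), self.max_delay)
        self._state[account] = (failures, now + delay)
        return delay


def time_to_try(throttle: LoginThrottle, account: str, guesses: int) -> float:
    """Simulate an automated client that retries the instant it is allowed and
    return the simulated seconds until the last of `guesses` wrong guesses runs."""
    now = 0.0
    for _ in range(guesses):
        if not throttle.allowed(account, now):
            now = throttle._state[account][1]  # wait out the lockout
        throttle.record(account, success=False, now=now)
    return now


if __name__ == "__main__":
    seconds = time_to_try(LoginThrottle(), "alice", 1000)
    print(f"1000 guesses against one account take {seconds / 3600:.1f} hours")
```

Because the throttle is keyed on the account, it limits guessing against a single account only; it does nothing about the slow, patient extraction case the article turns to next.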

On the other hand, there are attacks where slowing down the attackers may irritate them, but not enough to make them abandon their effort. Below is a screenshot from a Swedish “dating” site. Here, the hacker indicates that the data is valuable enough that he will continue to extract data for two weeks if necessary – he just wishes he could have done it faster (for the record, we don’t think this website is located in the Wikileaks’ hosting center):

