This technology has various names, one being WAF, or web application firewall.
The purpose of a WAF is to stop web applications from common attacks.
Recall the OWASP Top Ten Risks? Some of the motivation behind these protections are good - for example, guarding against bot-driven DDoS attacks.
There are various vendors and products in this space; such as Imperva WAF, Cloudflare, Akamai Site Defender, AWS WAF, Azure Web Application Firewall and Google Cloud Armor.
These solutions are all effective at detecting and blocking agents, headless browsers, scrapers, credential stuffing bots (where leaked usernames and passwords are used across numerous websites to exploit potential duplication) and automated (even if legitimate) login attempts.
Action taken could range from limiting requests based on IP, presenting CAPTCHA challenges and blocking certain geographies. However, these actions may prevent legitimate bots from using required services, or performing agentic actions on behalf of legitimate users.
No comments:
Post a Comment