Tales from the Front Lines: Large Retailer Achieves Near Immediate Time-to-Value

One of our newest customers is a large, community-based retailer that had a mobile application and API account takeover problem. Roughly 12 months ago, they selected a JavaScript and SDK-based bot mitigation ...

Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks

As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card ...

Tales from the Front Lines: Whitelist and Forget, A Cautionary Tale

Stopping attackers and their malicious intent is every security practitioner’s goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. Better known as whitelisting, ...

Tales from the Front Lines: Maintaining Detection Efficacy (and Your Cool) in the Summer Heat

In a previous blog, I talked about how the Covid-19 pandemic lockdown had corresponded to an increase in attack intensity. Since then, different parts of the country have begun to reopen, and ...

Tales from the Front Lines: Attackers Target APIs with GET-Based ATOs 

This blog will describe how account takeovers (ATO) can be executed against APIs using GET methods, as opposed to POST. It’s an excellent example of how bad actors will analyze an application ...

Tales from the Frontlines: Increasingly Sophisticated Cat and Mouse Games  

The last Tales from the Frontlines post focused on a single customer and the attack volume increase they experienced following the COVID-19 lockdown. In this installment, we will look at the increasingly ...

Tales from the Front Lines: Attackers on Lockdown Focus on APIs

While the world is battling a pandemic, our customers are battling an increase in bot activity, as evidenced by traffic and attack patterns over the last four weeks. To an attacker, being ...

Tales from the Front Lines: Why Simple Attacks Like Content Scraping are the Hardest to Block

Of all of the automated business logic abuse attacks, the simple act of copying and pasting content from one web page to another is the most difficult for any technology to stop ...