OWASP Automated Threat (OAT-013) Sniping

Sniping – Last-minute bid or offer for goods or services.

What is Sniping?

The defining characteristic of sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some dis-benefit for other users, and sometimes that might be considered a form of denial of service.

Sniping is also known by terms such as auction sniping, bid sniper, frontrunning, last look, last-minute bet and timing attack.

The Symptoms of Sniping

OWASP, the worldwide not-for-profit charitable organization focused on improving the security of software, notes that there are several possible symptoms of sniping. These include:

  1. Increasing complaints from users about being unable to obtain goods or services

  2. Some users having higher success rate than expected

Sectors Targeted by Sniping

Sniping attacks are aimed at a variety of sectors including entertainment, financial, and retail industries.

OWASP says sniping involves obtaining limited-availability and/or preferred goods or services by unfair methods.

OWASP says the data commonly misused in sniping incidents includes authentication credentials, payment cardholder data and other financial data, medical data and other personal data, intellectual property and other business data, and public information.

Ways to Prevent Sniping Security Threat

OWASP suggests several possible countermeasures for organizations to address the threat of sniping. These include:

  1. Consider randomizing the content and URLs of content, linking these changes to an individual user’s session, verifying the changes at each request, and restricting any identified automated usage.

  2. Define test cases for sniping that confirm the application will detect or prevent users attempting to snipe.

  3. Companies can also identify and restrict automated usage by fingerprinting before a sniping attack can occur.

  4. OWASP also recommends that organizations participate in ecommerce threat intelligence exchanges and contribute any relevant attack data to sector-wide sharing systems.

These are the primary security checks that can prevent sniping attacks, but a few dedicated fraudsters go to greater lengths to strengthen their sniping efforts, often operating through privacy browsers, VPNs and proxy servers to obscure their online identity. The measures listed above help fight back against malicious activity such as sniping without harming your legitimate users.

Online businesses can also opt for a bot mitigation solution that prevents sniping and other OWASP automated threats in real time without affecting legitimate visitors. Bot mitigation is probably the most accurate way to prevent OWASP Automated Threats, and it also provides real-time protection against malicious bots.

A bot mitigation solution can block the automated means bots use to expedite actions on websites. It can stop sniping bots with techniques ranging from the basic, such as logging the completion timestamp of every process step and the rate of data entry, then monitoring for earlier steps being bypassed and/or longer-than-usual delays before the final step is completed, to more advanced bot detection techniques.
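To make those timestamp-based checks concrete, the following is an added example (not code from the page or from OWASP) that runs them over a constructed step-completion log for an assumed four-step bidding flow; the step names, log format and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
# Assumed order of steps in the bidding flow (hypothetical, not from the page).
FLOW = ["view_item", "enter_bid", "confirm_bid", "submit_bid"]
# Constructed sample log, "<timestamp> <session_id> <step>", one completed step per line.
SAMPLE_LOG = """\
2024-03-01T12:00:00 s1 view_item
2024-03-01T12:00:25 s1 enter_bid
2024-03-01T12:00:40 s1 confirm_bid
2024-03-01T12:00:48 s1 submit_bid
2024-03-01T12:00:05 s2 view_item
2024-03-01T12:00:06 s2 submit_bid
2024-03-01T12:00:10 s3 view_item
2024-03-01T12:00:11 s3 enter_bid
2024-03-01T12:00:11 s3 confirm_bid
2024-03-01T12:59:58 s3 submit_bid
"""

def parse_log(text):
    """Group (timestamp, step) events per session in time order; unknown steps are ignored."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, sid, step = line.split()
        if step in FLOW:
            sessions[sid].append((datetime.fromisoformat(ts), step))
    return {sid: sorted(ev, key=lambda e: e[0]) for sid, ev in sessions.items()}

def analyse_session(events, min_entry_seconds=5, max_final_delay_seconds=600):
    """Return the sniping indicators found in one session's events (empty list = looks normal)."""
    steps = [s for _, s in events]
    when = {s: t for t, s in events}  # one timestamp per step (the last one, if repeated)
    flags = []
    # 1. Bypassed earlier steps: a step was completed without every step that precedes it in FLOW.
    for i, step in enumerate(steps):
        if any(prev not in steps[:i] for prev in FLOW[:FLOW.index(step)]):
            flags.append("bypassed_steps")
            break
    # 2. Rate of data entry: bid entered and confirmed faster than a person could type it.
    if "enter_bid" in when and "confirm_bid" in when:
        if (when["confirm_bid"] - when["enter_bid"]).total_seconds() < min_entry_seconds:
            flags.append("too_fast_entry")
    # 3. Longer-than-usual delay before the final step: the bid is held back until the last moment.
    if len(steps) >= 2 and steps[-1] == FLOW[-1]:
        if (events[-1][0] - events[-2][0]).total_seconds() > max_final_delay_seconds:
            flags.append("delayed_final_step")
    return flags

def find_suspicious_sessions(text):
    scored = ((sid, analyse_session(ev)) for sid, ev in parse_log(text).items())
    return {sid: flags for sid, flags in scored if flags}
```

In the constructed sample, session s1 completes every step at a human pace and is not flagged, s2 jumps straight from viewing the item to submitting the bid, and s3 fills in and confirms the bid within the same second but then waits almost an hour before submitting it.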

The security measures above will help you build a stronger defense against sniping attacks that target bids for limited goods or services.