OWASP Automated Threats

Last-minute bid or offer for goods or services.

What is Sniping?

The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are both necessary. It is best known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disadvantage for other users, and sometimes that might be considered a form of denial of service.

In contrast, OAT-005 Scalping is the acquisition of limited-availability, sought-after goods or services, and OAT-006 Expediting is the general hastening of progress.

Sniping is also known by terms such as auction sniping, bid sniper, frontrunning, last look, last minute bet and timing attack.


The symptoms of Sniping

  • Increasing complaints from users about being unable to obtain goods/services
  • Some users having a greater success rate than expected


Sectors targeted by Sniping

  • Entertainment
  • Financial
  • Retail


Can InfiSecure prevent Sniping?

InfiSecure’s advanced bot protection technology can block all sniping activities by identifying and restricting automated usage, fingerprinting the user agent for its unique characteristics. InfiSecure blocks sniping bots using techniques that range from basic ones, such as logging and monitoring process step completion timestamps and rate of data entry, and monitoring for bypassing of earlier steps and/or longer-than-usual delays in completing the final step, to more advanced bot detection techniques.
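
The step-timestamp checks described above can be sketched as follows. This is an added example, not InfiSecure's or OWASP's code. It covers bypassed earlier steps, a longer-than-usual delay before the final step, and submission just before the close; the step names, thresholds and log records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (session, step, seconds since the auction opened).
AUCTION_CLOSE = 3600.0  # assumed closing time, in seconds
EXPECTED_STEPS = ["view_item", "open_bid_form", "submit_bid"]  # hypothetical names
EVENTS = [
    ("s-alice", "view_item", 1200.0), ("s-alice", "open_bid_form", 1230.0),
    ("s-alice", "submit_bid", 1251.0),
    ("s-bot1", "view_item", 300.0), ("s-bot1", "open_bid_form", 310.0),
    ("s-bot1", "submit_bid", 3599.2),   # form held open, bid 0.8 s before close
    ("s-bot2", "submit_bid", 3598.9),   # no earlier steps were logged
    ("s-carol", "view_item", 3400.0), ("s-carol", "open_bid_form", 3420.0),
    ("s-carol", "submit_bid", 3450.0),
]

def score_sessions(events, close, last_window=5.0, max_final_delay=600.0):
    """Return {session: [reasons]} for sessions that match a sniping signal.
    Thresholds are illustrative assumptions, not vendor or OWASP values."""
    by_session = defaultdict(dict)
    for session, step, ts in events:
        by_session[session].setdefault(step, ts)  # keep first completion time
    findings = {}
    for session, steps in by_session.items():
        if "submit_bid" not in steps:
            continue  # nothing was submitted, so nothing to score
        reasons = []
        missing = [s for s in EXPECTED_STEPS[:-1] if s not in steps]
        if missing:
            reasons.append("skipped steps: " + ",".join(missing))
        elif steps["submit_bid"] - steps["open_bid_form"] > max_final_delay:
            reasons.append("long delay before final step")
        if 0 <= close - steps["submit_bid"] <= last_window:
            reasons.append("submitted in last %.0f s" % last_window)
        if reasons:
            findings[session] = reasons
    return findings

if __name__ == "__main__":
    for session, reasons in sorted(score_sessions(EVENTS, AUCTION_CLOSE).items()):
        print(session, "->", "; ".join(reasons))
```

A late submission on its own is a weak signal, so the reasons are returned as a list for a downstream rule to combine rather than acted on individually.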