​
Terms and Concepts
The following information explains important terms and concepts associated with Bot Defense.
Types of Attacks
Bot Defense can protect your applications from the following types of automated attacks.
Attack Names | Definition |
---|---|
Credential Stuffing | Attack where stolen username/password pairs are used in mass login attempts. Attackers test stolen credentials against the authentication mechanism to exploit credentials that have been reused across multiple platforms. |
Denial of Service (DoS) | An attack that overwhelms a system so that it cannot respond to service requests. This attack is usually intended to cause a system to shut down so that a separate attack can be performed. |
Distributed Denial of Service (DDoS) | Attack that targets a system using multiple host machines infected with malware, often rendering the target system unavailable for legitimate traffic. |
Application DDoS | This attack targets a slow database search of a website, consuming vast resources of the website through a steady stream of GET requests that do not set off bandwidth trigger alarms, but that often render the database unavailable. |
Gift Card Cracking | Attackers check millions of gift card number variations on a gift card application to identify card numbers that hold value. After the attackers identify card numbers with positive balances, they use or sell the gift cards before the legitimate customers have a chance to use them. |
Scraping | Attackers use automated tools to collect large amounts of data from a target application to reuse that data elsewhere. |
Fake Accounts | Bad actors use fake accounts to commit financially motivated attacks such as reward abuse on retail sites and money laundering via online banking. |
Credit Application Fraud | Attackers use stolen personally identifiable information (PII) to open an account in another person’s name. |
Aggregator Threat Surface | Financial aggregators create unintended risks for the financial institutions from which they source consumer data. |
For additional information, see OWASP.org.
Terminology
The following terms help you understand how Bot Defense protects your sensitive resources.
Term | Definition |
---|---|
Bots | Software programs that run automated tasks. Bot activity accounts for about 50% of all internet traffic, and can negatively impact your users, your data, and your organization's revenue. |
Benign Bot | Automated software programs that perform useful, wanted tasks, such as test tools and search engine crawlers. |
Bad Bot | Automated software programs that perform harmful tasks. Bad bot attacks can take over customer accounts and slow web and app performance. They can prevent purchases and frustrate loyal customers. They can also reduce revenue, while increasing the cost of doing business. |
Flow | An area of functionality that you configure Bot Defense to protect, such as a login flow, forgot password flow or account sign-up flow. |
Endpoint | A URL path that potentially exposes your application to harm and that attackers are likely to try to exploit. |
Entry point | The endpoint that your users are likely to encounter first when they visit your website. This is typically an HTML form page, such as a login page. F5 recommends that you configure Bot Defense to insert JavaScript on this page to monitor and mitigate automated traffic. |