OWASP Automated Threats - OAT-013 Sniping


In this OWASP Automated Threat Article we'll be highlighting OAT-013 Sniping with some basic threat information as well as a recorded demo to dive into the concepts deeper. In our demo we'll explain how sniping works to leave insufficient time for another user to bid on a product. We'll wrap it up by highlighting F5 Bot Defense to show how we solve this problem for our customers.

Sniping Description:

The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service.In contrast, OAT-005 Scalping is the acquisition of limited availability of sought-after goods or services, and OAT-006 Expediting is the general hastening of progress.

OWASP Automated Threat (OAT) Identity Number


Threat Event Name


Summary Defining Characteristics

Last minute bid or offer for goods or services.

OAT-013 Attack Demographics:

Sectors Targeted Parties Affected Data Commonly Misused Other Names and Examples Possible Symptoms
Entertainment Few Individual Users Other Financial Data Auction Sniping

Elevated basket abandonment

Financial Application Owner Other Business Data Bid Sniper

Reduced average basket price

Retail Third Parties   Last Minute Bet

Higher proportion of failed payment authorisations

        Disproportionate use of the payment step
        Increased chargebacks
        Multiple failed payment authorizations from the same user and/or IP address and/or User Agent and/or session and/or deviceID/fingerprint

Sniping Presentation:

In this presentation we will be discussing how attackers leverage automation to execute sniping bids against the application to win last second bids. We'll then show you how to quickly protect you application with F5 Distributed Cloud Bot Defense.

In Conclusion:

Sniping remains a very common practice to win auctions where bidding is based on timing and last minute execution of that bid. It is very preventable if appropriate anti-automation controls are put into place.


F5 Related Content

Updated Apr 27, 2023
Version 2.0

Was this article helpful?

No CommentsBe the first to comment