F5 Anti-Bot Mobile SDK Extends Bot Protection to Mobile Apps

Byron McNaught Miniatur
Byron McNaught
Published May 23, 2018

Everyone loves having ultimate power at their fingertips – the ability to buy concert tickets, make reservations, or view banking transactions is available with the touch of a finger. The innovation and proliferation of mobile apps make this possible.

Predictably, this great power comes with great responsibility. The 2018 Verizon Data Breach Investigations Report (DBIR) highlights the growing trend of hackers targeting mobile. Bad actors commonly use bots as part of large-scale hacking campaigns, with mobile applications now a target.

Mobile apps are different from web applications, as mobile apps do not support the same security capabilities as web browsers. Most bot protection technologies use JavaScript to determine if a request originates from a bot or a human. Native mobile apps do not support JavaScript. Additionally, Single Page Applications (SPAs), which serve both browsers and mobile apps, are incompatible with JavaScript-based bot detection. As a result, mobile applications can be vulnerable. For example, back-end mobile API components can be exposed to automated attacks such as content scraping, denial of service, and a wave of new attacks focused on APIs.

Imagine if you could add bot protection for mobile apps with a simple touch of a finger. F5 Networks has done exactly that with the release of the F5 Anti-Bot Mobile SDK, extending the robust bot protection capabilities of F5's Web Application Firewall (WAF) solutions to mobile applications to defend against bots, vulnerability scanners, content scraping, and other automated attack vectors by safely allowlisting sessions coming from the protected mobile app.

What about resourceful attackers? You know, the same ones that grew up disassembling video consoles and going into cheat mode on their Sega Genesis? Applications fused through the F5 Anti-Bot Mobile SDK are hardened with code obfuscation technology to protect against sophisticated hackers that attempt to reverse engineer SDK and/or app code, while being fully supported across vendor and company app stores.

The F5 Anti-Bot Mobile SDK is available today. For more information, check out the solution overview.