Content Scraping Threats
To Web And Mobile Applications

Attackers evade traditional security solutions such as WAFs, IPC, and DDoS tools

Content Scraping

Content Scraping is the use of automated scrapers to read and scrape valuable information into another application.

For example, A major international airline with 30 websites, offered in 11 languages, was the victim of content scraping attacks. Scraping bots targeted the airline’s search function to extract route information that was repackaged and offered to the aggregator’s customers. Automation accounted for about a quarter of search traffic on the airline’s main search URL. Over a very short period of time, scrapers executed more than 850,000 automated searches.

Aggregators used scraping bots to discover and publicize non-compliant ticketing options. These unauthorized bookings disrupted the airline’s ability to manage revenue and reduced the airline’s operational flexibility.

Content scraping, in which attackers use sophisticated techniques to steal proprietary information, has become a common threat across many industries, including travel, retail, and financial services. Shape recognizes automated traffic at the application level, and is therefore able to effectively mitigate unauthorized content scraping.

Content Scraping is an OWASP Top 20 Threat

OAT-011

CONTENT SCRAPING
Case Study (PDF)

The Open Web Application Security Project (OWASP) is a worldwide non-profit organization focused on improving the security of software. The OWASP Top 20 represents the most critical automated threats.

OWASP THREAT REFERENCE:

Content Scraping (OAT-011)

Threat Mechanism: 

Automated scraper attacks attempt to read all accessible website pages and parameter values, and scrape valuable information into another application.

Motivation: 

Collect unprotected, proprietary information for reuse elsewhere.

Symptoms: Other Names:

Bargain hunting, Comparative Shopping, Data Aggregation, Database Scraping, Harvesting, Meta Search Scraper, Mining, Mirroring, Pagejacking, Scraper Bot, Search Engine Bot, Social Media Bot

 
3 minute preview

Avivah Litan:

VP Distinguished Analyst, Gartner

How to Stop Automated Attacks on Web Applications.
Learn how and why automation-based attacks pose serious threats to web applications.

View Full On-Demand Webinar

Assess your current automated threat level

Get Threat Assessment

2017 CREDENTIAL SPILL REPORT   DOWNLOAD