David Balaban: While routinely working on the security of one e-commerce website, I encountered an unusual type of a brute-force attack that was fairly hard to mitigate.
It was based on a delicately simple technique that made it stand out from the crowd.
Read this article to learn what kind of an attack it was and how I succeeded in protecting my customer’s site against it.
As you know, a classic brute-force boils down to guessing credentials.
For instance, threat actors take known user accounts and pick passwords for them based on certain criteria — either by generating them on-the-fly or using…