Who's There? Understanding Who's Accessing your Web Applications

There are lots of ways of dealing with authentication, but the interaction before, during, and after is usually ignored. Pretty much how web applications work today. Questions of users attempting to access our web applications. How sure are you that the user accessing your site is who they say they are? How sure are you that you want them accessing your site at all? Join Aaron Bedra as he walks you through asking the questions you should be asking of your users, and how to help prevent abuse, fraud, and otherwise unwanted activity on your web applications.

How to ask the right questions without interfering with a great user

This talk will cover things like passive TCP fingerprinting, device fingerprinting, user agent filtering, geo location based interaction filtering, request profiling (is the user submitting requests that are outside what is expected), behavior classification, and web application firewalls.

- If someone really wants to spoof or hack, they will!
- Don't impact user experience! It's better to let some badness pass through in order to never impact a user.
- If a user actively denies your attempts to detect, then mark the account as suspicious.
- Always provide customer service information to the user, just in case.
- Tell your CS people about what you are doing, and provide them with tools to let them know an account has been marked as suspicious or compromised so they can tell the user.
- Everything should have an example implementation to show that it is possible.
- Use nginx for all of the examples so they are consistent.
- Create a sample application to house everything with a full README and bootstrap scripts to set up the full stack (webserver + application).
- When a user logs in, store the geo IP details (last_logged_in_geo_details).
- When a user acts on their account (tries to change password, update email address, etc), attempt to match geo details.
- If the details don't match, reject the attempt, and mark the account as potentially compromised.
- Potentially call the user and let them know.
- The level at which things don't match is up to you (City, State/Region, Country, etc).
- Use nginx to only respond to known user agents.
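The geo IP check described in the notes above, as an added Python example that is not code from the talk or its sample application. `Level`, `Geo`, `Account`, `record_login` and `allow_sensitive_action` are hypothetical names; only `last_logged_in_geo_details` comes from the page. It assumes geo details are resolved elsewhere for each request, and that a failed lookup is let through rather than rejected, following the notes' preference for not impacting users.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """How deep the match must go; the notes leave this choice to you."""
    COUNTRY = 1
    REGION = 2
    CITY = 3


@dataclass(frozen=True)
class Geo:
    country: Optional[str]
    region: Optional[str] = None
    city: Optional[str] = None

    def key(self, level: Level) -> tuple:
        # Keep only the fields down to the chosen level, normalised for comparison.
        fields = (self.country, self.region, self.city)[:level]
        return tuple(f.strip().lower() if f else None for f in fields)


@dataclass
class Account:
    user: str
    last_logged_in_geo_details: Optional[Geo] = None
    potentially_compromised: bool = False


def record_login(account: Account, geo: Geo) -> None:
    """On login, store the geo details of the request."""
    account.last_logged_in_geo_details = geo


def allow_sensitive_action(account: Account, geo: Geo,
                           level: Level = Level.COUNTRY) -> bool:
    """Check a password/email change against the last login's geo details."""
    stored = account.last_logged_in_geo_details
    if stored is None:
        return True  # nothing to compare against yet (assumption: allow)
    want, got = stored.key(level), geo.key(level)
    if None in want or None in got:
        return True  # lookup incomplete (assumption: allow, do not flag)
    if want != got:
        account.potentially_compromised = True  # reject and surface to CS tooling
        return False
    return True
```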