
Credential stuffing attacks: anatomy, detection, and defense
Credential stuffing remains one of the most scalable and persistent threats on the internet. While defenders have improved at catching
Bots are often used to conduct attacks at scale. They can be used to automatically test stolen credit cards, steal
Are your users annoyed by constantly being hit with CAPTCHAs? Find out how you can improve the user experience while keeping your site secure.
Account sharing is a form of account abuse that needs to be detected with more sophistication than just a one-time check during signup or login. Plus, there's no strict rule on how many accounts are okay to share—it's all up to your service's policies.
What does the zero-trust security model look like when it’s applied to online fraud and abuse? In this post, I’ll delve into how concepts from zero-trust can be used to fight fraud and abuse with higher accuracy and less user frustration.
As a developer encountering your first wave of bots trying to register or log into your application, which CAPTCHA should you opt for?
As the availability of unique IPs and user agents wanes and cookie reliability remains half-baked at best, device fingerprinting has emerged as a serious contender in the battle against online fraud and abuse.
Feeling like doing some quick online shopping through an attractive ad or signing up for a lucrative deal with a
Learn about two layers in user and account defense, and how deploying Castle gives you a single solution that improves security and reduces user friction.
Does reducing friction help a business grow? Can security teams take friction away from users and make authentication seamless? “High-grade security” coupled with “low to no friction” is the future of successful online engagement between companies and their users. This post explores those topics.
This post covers strategies for adding Castle's layer of bot detection and ATO prevention to your OIDC authentication flow, getting the best of both worlds. This is relevant for apps using an external identity provider, like Okta, Auth0, Amazon Cognito, Google, or Facebook.
Whether it's human intuition or machine learning, how do we go about discovering key insights when flooded with data? This post introduces some fundamental techniques of AI & machine learning to non-data scientists.