Link11 WAAP
v5
v5
  • Link11 WAAP Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Reference Information
  2. Hostile Bot Detection / LWCSI

Biometric behavioral verification

PreviousClient authenticationNextHTTP Response Codes

Last updated 1 month ago

Was this helpful?

Link11 WAAP does not limit its traffic analysis to the user environment and client session. It also performs extensive, continual analysis of the user’s behavior.

Every HTTP request that L11WAAP receives is anonymized and then analyzed according to numerous factors, including (partial list):

  • Device and software data (the user’s hardware, its screen resolution and orientation, the software used, battery level, stack trace, fronts and extensions, emulator detection, window size, hidden iframes, etc.)

  • User interface and events (mouse/pointer movements, clicks, taps, zooms, scrolls, keystrokes, speed of entry, etc.)

  • Session data (requests sent, IPs used, timing, frequency, etc.)

  • Consumption analytics (pages viewed, time spent, resources requested, etc.)

  • Application-specific events (and other results of user actions.)

L11WAAP understands the patterns, typical values, and common relationships of these metrics for legitimate users of each protected application and API. The system performs this analysis at a granular level: not only per app, but even down to individual pages, screens, and so on. This reveals patterns of behavior unique to that particular context.

L11WAAP continually analyzes the activities and behaviors of every requestor in every session. By definition, every hostile user (whether human or bot), must, at some point, deviate from the behavior of a legitimate user. As soon as this occurs, L11WAAP blocks that requestor.

Using this approach, the system’s bot detection accuracy is not only high, it is also robust and resistant to reverse-engineering by threat actors. Behavioral profiles are constructed based on private analytics data, and threat actors have no realistic way of obtaining this information.

Biometric behavioral verification is part of the passive challenge process. To enable behavioral analysis, .

passive challenges must be enabled