Enhanced Bot Protection on Single-Page Applications (SPAs)

Single-Page Applications (SPAs) have become very popular in the last few years
because they are hugely beneficial when building advanced web and mobile
applications. SPAs use AJAX calls to load the dynamic content as part of their website architecture.

In the event you’re wondering, an AJAX (Asynchronous JavaScript And XML)
call is a way to asynchronously get data from the server, which makes it possible to update part of a webpage without reloading it all. With the increase and popularity of SPAs, the bot
attack threat landscape related to SPAs has grown tremendously over the last few
years. So, having strong and robust bot detection and mitigation to protect SPAs is

What are the Challenges of Bot Protection and Mitigation on a Single-Page Application?

Bad bot identification is the first piece in the bot detection puzzle. After identifying bad
bots, mitigating them is the second piece. It is precisely where bot solutions
work with a host of different mitigation options — CAPTCHA is one of them. In a normal
scenario, CAPTCHA redirection is handled seamlessly by an application in the event no
AJAX calls are involved.

For SPAs, AJAX calls typically expect a JSON (JavaScript Object Notation) response.
However, if a bad bot is detected on an AJAX call and CAPTCHA is the chosen
mitigation option, the AJAX APIs get a 302 response with the redirected location of the CAPTCHA page.

A solved CAPTCHA is a critical feedback loop in the bot detection engine This is why
it is extremely important to handle the CAPTCHA redirection flow properly.

How does Radware Bot Manager handle this situation differently, and better?

In typical SPAs, the number of AJAX that get triggered can be quite large. The
key element is how to first identify the AJAX calls automatically; the CAPTCHA
redirection flow can be handled later.

Here is where Radware Bot Manager is different and better. Through the injection of a
JavaScript tag, Radware Bot Manager taps into the AJAX call requests made on the
SPA; it demarcates the requests into a different identifier so Radware’s bot detection
engine can make good use of that information. The demarcation of AJAX calls is
critical because some behavioral engines operate based on the number of hits
coming from a particular source. This demarcation helps ensure — based on need — that the behavioral engine can choose the appropriate identifier. This makes the detection
engine extremely accurate. And, of course, accuracy is every cyber professional’s goal.

After AJAX calls have been identified and classified, it’s time to determine how to
handle the CAPTCHA redirection once a bad bot is detected on an AJAX call. It’s at this point that Radware Bot Manager intercepts the CAPTCHA redirection response through its
JavaScript tag and ensures that the entire web page gets redirected to the CAPTCHA
page. Once the CAPTCHA is solved, the end user is redirected back to the original
web page.

It’s Now a Critical Need

Protecting against bot attacks on single-page applications is now a pertinent and
critical need for all businesses, regardless of industry or company size. Having a
robust bot detection and mitigation offering on single-page applications is extremely
critical to ensure success. Radware Bot Manager’s AJAX classification and CAPTCHA
redirection handling ensure that bot detection is highly accurate on single-page
applications. That, combined with its effectiveness in preventing bots from carrying out
malicious activities, means Radware Bot Manager customers are safe and their clients
will enjoy a much better CX and UX.

For More Information

If you’re wondering how prepared your organization is to fend off bad actors, take
advantage of Radware’s free online security assessments. There are 2 assessments
that will let you know how protected your organization is from malicious bots. And feel
free to reach out to the talented and tenured Radware cybersecurity experts. They
would love to hear from you.

If you’ll be attending the RSA Conference in San Francisco on April 24-27, make sure and stop by the Radware booth (#2139). Meet with our team of experts and take your cybersecurity to the next level. Better yet, you can set up an appointment with them here.

Karthik Raju

Karthik Raju drives the product management efforts for Radware Bot Manager. He over 20 years of high-tech industry experience, including product management functions working with multi-national companies, including Hewlett Packard, Cisco and Dell EMC. Karthik possesses a strong combination of business and technical expertise and a deep understanding of customer challenges that have helped him successfully drive product management across several organizations.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center