Sniping is an automated threat. The OWASP Automated Threat Handbook - Web Applications (pdf, print), an output of the OWASP Automated Threats to Web Applications Project, provides a fuller guide to each threat, detection methods and countermeasures. The threat identification chart helps to correctly identify the automated threat.
OWASP Automated Threat (OAT) Identity Number
Threat Event Name
Summary Defining Characteristics
Last minute bid or offer for goods or services.
The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service.
Other Names and Examples
Auction sniping; Bid sniper; Front- running; Last look; Last minute bet; Timing attack
CAPEC Category / Attack Pattern IDs
- 210 Abuse of Functionality
CWE Base / Class / Variant IDs
WASC Threat IDs
- 21 Insufficient Anti-Automation
- 42 Abuse of Functionality
OWASP Attack Category / Attack IDs
- Abuse of Functionality