HK Express Airways Stop Denial of Inventory from Single Request Attacks

Case Study Overview

In 2013, HK Express Airways (HK Express) introduced new low fares for scheduled air services in, and out of, Hong Kong. While tens of thousands of ticket reservations were held through their booking web application, a disproportionately low number of reservations ultimately converted to transactions. Instead of checking out, attackers were exploiting automation tools to perpetually accumulate items in their cart for the purpose of making them unavailable for purchase by others.