Northbridge Defense Lab

Bot defense demo target
Focused bot defense demo

Three Clear Abuse Stories

Use this lab portal to demonstrate how controls classify and handle login abuse, fake account creation, and scraping against public content.

1. Login Flow 2. Register Flow 3. Scraping Target
Demo talk track

Start with a normal browser visit, then run one command-line scenario. Watch the terminal status codes, this app's monitoring dashboard, and Bot Defense telemetry side by side.

Safe synthetic traffic

The generators use obvious automation headers, no proxy rotation, no evasion logic, and low-rate defaults. They only target this lab hostname.

Seeded identities
0
Catalog targets
0
Document targets
0
Fake actions
0

Core Demo Flows

Keep the live demo focused on the flows customers usually ask about.

Open Monitoring
Credential abuse

Credential Stuffing Bot

Protected: POST /api/auth/login Rotating lab accounts

Rotating lab-only usernames and fake passwords against /api/auth/login shows credential-stuffing detection and mitigation behavior.

npm run bot:login curl -si -X POST https://target4bots.cloudsecure.network/api/auth/login \ -H 'Content-Type: application/json' \ --data '{"email":"alex.tenant@demo.local","password":"wrong"}'
Fake accounts

Account Creation Spike

Protected: POST /api/auth/register Low-rate synthetic users

Creates low-rate synthetic users through /api/auth/register so you can show account abuse classification.

npm run bot:register node scripts/lab-bot.js register --count 10 --delay-ms 900
Content abuse

Scraping Walk

Protected: public catalog Predictable enumeration

Walks products, documents, and search results in a predictable sequence for scraping visibility demos.

npm run bot:scrape node scripts/lab-bot.js scrape --count 20 --delay-ms 500

Scraping Content Preview

Public listings and documents below are intentionally easy to enumerate.

Open Search