The code that implements the user interface of every web application is public and viewable, which makes it simple for cybercriminals to program attacks against them using malware, bots, and other scripts.
The key to building a botwall: Real-Time Polymorphism
The key to building a botwall is to address this fundamental issue of the web head-on. But how can one change the very nature of HTML, to introduce a new security model, while still delivering open markup code to web browsers?
The answer is a technique called real-time polymorphism.
The idea is to use a powerful tool of malware authors against them. Malware has long used polymorphic code to hide itself from antivirus products, by looking different every time it infects a new machine.
Fig 2. Shape has invented a category of security countermeasures based on the concept of real-time polymorphism.
This is one simple example.
The use of polymorphism lets you preserve the functionality of code while transforming how it is expressed. In this example, a simpliﬁed login form has certain attributes replaced with random strings.
The resulting code breaks malware, bots, or other attacks programmed to submit that form, but renders identically to the original.
This is one example from an almost unlimited number of ways real-time polymorphism can be applied.