Amazon Web Services Posted February 16, 2023 Share Posted February 16, 2023 AWS WAF Fraud Control - Account Takeover Protection (ATP) can now inspect origin responses, giving customers additional protection against brute force and credential stuffing attacks on their login pages. Until today, ATP rules were limited to inspecting incoming login requests against a stolen credentials database, analyzing requests seen over time for username and password traversals, and then aggregating this data based on unique identifiers, such as IP address or session ID. With this release, ATP managed rules can now also inspect application response data and block login attempts based on customer-defined login failure conditions. This capability helps to protect against brute force attacks involving non-compromised credentials. View the full article Quote Link to comment Share on other sites More sharing options...
.png.6dd3056f38e93712a18d153891e8e0fc.png.1dbd1e5f05de09e66333e631e3342b83.png.933f4dc78ef5a5d2971934bd41ead8a1.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.