AWS WAF Fraud Control – Account Takeover Protection now allows inspection of origin responses
AWS WAF Fraud Control – Account Takeover Protection (ATP) can now inspect origin responses, giving customers additional protection against brute force and credential stuffing attacks on their login pages. Until today, ATP rules were limited to inspecting incoming login requests against a stolen credentials database, analyzing requests seen over time for username and password traversals, and then aggregating this data based on unique identifiers, such as IP address or session ID. With this release, ATP managed rules can now also inspect application response data and block login attempts based on customer-defined login failure conditions. This capability helps to protect against brute force attacks involving non-compromised credentials.