Posted On: Feb 14, 2022
AWS WAF announces the launch of AWS WAF Fraud Control - Account Takeover Prevention to protect your application’s login page against credential stuffing attacks, brute force attempts, and other anomalous login activities. Account Takeover Prevention enables you to proactively stop account takeover attempts at the network edge. With Account Takeover Prevention, you can prevent unauthorized access that may lead to fraudulent activities, or you can inform affected users so that they can take preventive action.
To get started, simply navigate to the AWS WAF console and create a new web ACL, or select an existing web ACL. Follow the wizard to choose an AWS resource to protect. Choose Account Takeover Prevention from the list of managed rule groups. Enter the URL of your application’s login page and indicate where the username and password form fields are located within the body of HTTP requests to log in.
AWS WAF Fraud Control - Account Takeover Prevention is available today in the US East (N. Virginia), US West (Oregon), Europe (Ireland), Europe (London), Asia Pacific (Singapore) AWS Regions. Visit the AWS WAF pricing page for information about Account Takeover Prevention fees. To learn more, please see the AWS WAF developer guide. To learn more about AWS WAF, please see the AWS WAF web site.