© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

NET322
Level Up Your Bot Defense for Mobile Apps with AWS WAF SDK

David MacDonald (He/Him), Senior Solutions Architect
Paul Le Page (He/Him), Senior Specialist Solutions Architect, Edge Services

Shoe company

Bot threats
- Scrapers
- Account creation fraud
- Account takeover fraud

Bot types
- Scripts: Curl or python script
- Highly distributed: Operating across 10s of thousands of IP addresses
- Browser/Mobile environments: JavaScript execution
- AI agents: Agentic bots interacting with a VM or browser environment.

Trade-offs
- User experience
- Cost
- Mitigation effectiveness

Mitigation strategies
- Block traffic
- Divert
- Deceive
- Fake success or failure
- Distort
- Honeypot
- Deplete
- Tarpit

Our foundational architecture (diagram labels)
- Mobile client
- Amazon CloudFront
- AWS WAF
- Application Load Balancer
- Amazon ECS
- Application Server
- AWS Cloud
- Virtual private cloud (VPC)
- API requests
- Amazon S3
- Static content
- AWS WAF Mobile SDK

AWS WAF Protection Pack (web ACL)
- Allow/Block lists (IP, JA4)
- IP reputation rules
- Rate-based rules
- AWS WAF Bot Control rules
- Block
- Anti DDoS rule

AWS WAF Bot Control rules
- Commonly identifiable bots
- Signals: client-side heuristics & session behavior
- Signals: co-ordinated behavior
- Challenge
- Block