Module – Credential Stuffing

In this lab we will configure and test the Brute Force Mitigation features in F5 ASM to mitigate various Credential Stuffing attacks. The purpose of this lab is to learn how and why ASM detects a given credential stuffing attack based on a given entity (username, IP address, or DeviceID) or a widely distributed attack. Also, to show how ASM detects the use of “known stolen credentials” in a credential stuffing attack.


To ensure consistent behavior with the lab guide, all lab exercises should be through the Chrome browser on the Windows Jumphost.