Abstract: Technology related to a network application firewall is disclosed. In one example, a method includes intercepting a response from a network application and destined for a client. The response can be associated with a user identifier. A modified response can be forwarded to the client. The modified response can include a honeytrap embedded within the intercepted response. Engagement with the honeytrap can be detected in a subsequent request to the network application. In response to detecting the engagement with the honeytrap, an indication that the user identifier is malicious can be stored.

Abstract: Technology related to a network application firewall is disclosed. In one example, a method includes intercepting a response from a network application and destined for a client. The response can be associated with a user identifier. A modified response can be forwarded to the client. The modified response can include a honeytrap embedded within the intercepted response. Engagement with the honeytrap can be detected in a subsequent request to the network application. In response to detecting the engagement with the honeytrap, an indication that the user identifier is malicious can be stored.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain a dictionary comprising a plurality of credentials and populate a probabilistic data structure based on the dictionary. A login request is received from a client and one or more credentials are extracted from the received login request. A determination of when the probabilistic data structure indicates that the extracted credentials are included in the dictionary is made. A mitigation action is initiated with respect to the client, when the determination indicates that the probabilistic data structure indicates that the extracted credentials are included in the dictionary. This technology more efficiently and effectively detects and mitigates brute force credential stuffing attacks advantageously using a reduced amount of resources.

Abstract: A method, non-transitory computer readable medium, and device includes monitoring a session layer and transport layer network traffic data received from a plurality of client computing devices and plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and the transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceeds each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly is determined. A mitigation action is initiated based on the determination.

Abstract: A method, non-transitory computer readable medium, and health analysis apparatus that monitors network traffic exchanged with a plurality of server devices in a server pool to obtain signal data regarding a plurality of signals associated with the network traffic. A determination is made when there is a sever health anomaly for one or more of the server devices based on an application of a server health prediction model to the signal data. The server health prediction model includes a plurality of predictive health targets each based at least in part on historical signal data for one or more of the signals and having an associated threshold value. A mitigation action is initiated when the determining indicates there is a sever health anomaly for one or more of the server devices.