on 30-Jan-2023 05:00 - edited on 27-Apr-2023 15:26 by LiefZimmerman
In this OWASP Automated Threat Article we'll be highlighting OAT-015 Denial of Service with some basic threat information as well as a recorded demo to dive into the concepts deeper. In our demo we'll explain how adversaries use DoS to impact applications and how a layered approach is what is required to protect your applications. We'll wrap it up by highlighting F5 Distributed Cloud Services to show how we solve this problem for our customers.
Usage may resemble legitimate application usage, but leads to exhaustion of resources such as file system, memory, processes, threads, CPU, and human or financial resources. The resources might be related to web, application or database servers or other services supporting the application, such as third-party APIs, included third-party hosted content, or content delivery networks (CDNs). The application may be affected as a whole, or the attack may be against individual users such as account lockout.
Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS).
OAT-015 Attack Demographics:
Data Commonly Misused
Other Names and Examples
Few Individual Users
Spikes in CPU, memory, network utilization
App layer DDoS
Unavailability of application
Rise in user account lockouts
In this presentation we will be discussing how attackers leverage automation to execute DoS against applications. These attacks may be intentional or unintentional; however, the consequences are the same. We'll then show you how to quickly protect your application with F5 Distributed Cloud Bot Defense.
DoS continues to be used to target adversaries and competitors. The cause can be scraping that is triggered too many times or something like a well-crafted, resource-intensive SQL query. It is very preventable if appropriate anti-automation controls are put into place.
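One way to sketch such an anti-automation control is a per-client budget that charges each request by its backend cost, so that both a high-volume scraper and a client issuing a few expensive queries run out of budget while normal browsing does not. This is an added example, not code from the article or from F5 Distributed Cloud; the endpoint paths, cost weights, capacity, refill rate and sample traffic are all constructed assumptions.

```python
from collections import Counter

# Constructed relative costs (assumption): backend work per endpoint.
ENDPOINT_COST = {"/static": 1, "/search": 20, "/report": 60}
DEFAULT_COST = 5

class CostBudget:
    """Token bucket per client; a request spends tokens equal to its cost."""

    def __init__(self, capacity=100.0, refill_per_sec=10.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        # client -> (tokens, last timestamp); evict idle entries in real use
        self.buckets = {}

    def allow(self, client, cost, now):
        tokens, last = self.buckets.get(client, (self.capacity, now))
        # Refill for the time elapsed since this client's previous request.
        elapsed = max(0.0, now - last)
        tokens = min(self.capacity, tokens + elapsed * self.refill_per_sec)
        allowed = cost <= tokens
        if allowed:
            tokens -= cost
        self.buckets[client] = (tokens, now)
        return allowed

def rejections_by_client(events, capacity=100.0, refill_per_sec=10.0):
    """Replay (timestamp, client, path) events; count rejections per client."""
    limiter = CostBudget(capacity, refill_per_sec)
    rejected = Counter()
    for ts, client, path in events:
        cost = ENDPOINT_COST.get(path, DEFAULT_COST)
        if not limiter.allow(client, cost, ts):
            rejected[client] += 1
    return dict(rejected)

# Constructed sample traffic: (seconds, client id, path).
SAMPLE = (
    [(0, "browser", "/static"), (1, "browser", "/search"),
     (2, "browser", "/static"), (10, "browser", "/report")]
    + [(0, "scraper", "/static")] * 120            # many cheap requests
    + [(t, "heavy", "/report") for t in range(4)]  # few expensive requests
)

if __name__ == "__main__":
    print(rejections_by_client(SAMPLE))
```

Weighting by cost rather than counting requests is what catches the resource-intensive query case, which a plain requests-per-second limit would let through.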