Overview
This OWASP Foundation conference talk covers finding the pages of a web application that cost the server the most per request, and what that means for both performance tuning and denial of service. It presents HTTP Time Bandit, a tool that sends a series of otherwise ordinary HTTP requests to each candidate page, times the responses, and ranks the pages by the resources they consume. The same measurements serve two audiences: a site owner can use them to find and fix expensive pages, and an attacker can use them to concentrate a DoS/DDoS attack on exactly those pages instead of spreading traffic across the whole site. Live demonstrations show the tool's testing and attacking modes against several targets. The session also walks through a taxonomy of such attacks, the "exotic authority" discussion, the proposed and formal method behind the tool, a Linux example with its graph and the symmetric nature of the problem, a comparison with other tools, and the defensive side: load balancers, proxies, protection services, establishing a baseline, maximum connection limits and resource consumption. It closes with the motivation for the approach, evasion techniques, a honeypot, recommended usage, the talk's paper summation, CPU hogs, and what comes next for the tool.
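The measurement the tool performs is easy to reproduce in miniature. The following is an added example, not HTTP Time Bandit's own code: it profiles a list of paths by sending several plain GET requests to each, records the response time, and ranks the paths by median latency. To stay runnable offline it targets a constructed local server whose handler sleeps for a per-path amount to stand in for expensive server-side work; the paths and delays in SIMULATED_COST are assumptions, and on a real target you would supply the URLs from a crawl or sitemap and point base_url at the site.

```python
"""Minimal Time Bandit-style page profiler (added example, not the original tool)."""
import statistics
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed: seconds of simulated server work per path. On a real target this
# cost is unknown and is exactly what the measurement below is meant to reveal.
SIMULATED_COST = {
    "/": 0.0,
    "/static/logo.png": 0.0,
    "/search?q=a": 0.15,
    "/report/export": 0.30,
}


class SlowHandler(BaseHTTPRequestHandler):
    """Stand-in target: every path answers 200, expensive ones just take longer."""

    def do_GET(self):
        time.sleep(SIMULATED_COST.get(self.path, 0.0))
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example output quiet
        pass


def start_server():
    """Start the constructed target on a free localhost port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), SlowHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def time_request(url, timeout=5.0):
    """Wall-clock seconds for one ordinary GET, body fully read."""
    start = time.perf_counter()
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        resp.read()
    return time.perf_counter() - start


def profile(base_url, paths, samples=5):
    """Return {path: median_seconds}. Sampling is round-robin so that warm-up
    and clock drift affect every path equally rather than only the first one."""
    latencies = {p: [] for p in paths}
    for _ in range(samples):
        for path in paths:
            latencies[path].append(time_request(base_url + path))
    return {p: statistics.median(v) for p, v in latencies.items()}


def rank_hogs(profile_results):
    """(path, median_seconds, cost relative to the cheapest page), most expensive first."""
    cheapest = max(min(profile_results.values()), 1e-6)
    rows = [(p, s, s / cheapest) for p, s in profile_results.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def main():
    server, base = start_server()
    try:
        for path, med, ratio in rank_hogs(profile(base, list(SIMULATED_COST))):
            print("%-20s %.3fs  %6.0fx" % (path, med, ratio))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    main()
```

The ratio column is the point of the exercise: a page that costs the server hundreds of times more than a static asset is the one an attacker would hammer, and the one a defender should cache, rate-limit per path, or cap with a connection limit rather than relying on a site-wide baseline.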
Syllabus
Introduction
Who are we
Agenda
Why do we do this
Taxonomy
Exotic Authority
Proposed Method
Formal Method
Linux
Example
Graph
symmetric nature
attack
testing
other tools
what do we do
load balancers
a proxy
protection services
baseline
security
maximum connections
mod2s
settingstart
Resource Consumption
Motivation
Evasion
Honeypot
Recommended Usage
Bad Times Many
What's Next
Tools
Paper summation
CPU hogs
Conclusion
Taught by
OWASP Foundation