Explore strategies for defending against Application-Level Denial of Service (DoS) attacks in this 42-minute OWASP Foundation conference talk. Learn about the challenges of protecting modern websites with diverse components from simple yet potentially devastating DoS attacks. Discover how combining historical and real-time data on website access can enable active defense strategies. Examine a new open-source project, primarily written in Node.js, designed as a defense framework for mitigating these attacks. Gain insights into topics such as slow read attacks, identification techniques, real-world examples, architecture considerations, message formats, and performance testing. Understand the potential future applications of this framework and its relevance beyond DoS protection.
Surviving an Application DoS - Strategies and Open Source Defense Framework
Overview
Syllabus
Intro
$denial of service
$application Dos
$slow read
$strategies
$identification
$a real example
$seriously why node.js?
$architecture
$message format
$aggregator.js (does)
$consumers
$consumer commands
$example commands
$example consumer 3
$performance testing
$other uses
$the future, Conan?
Taught by
OWASP Foundation
