Kansas City June 21 2012 Meeting

From OWASP
Jump to: navigation, search

This month we have extended the invitation to speak to Sergey Shekyan from Qualys on the topic of Web Denial of Service, Attack and Defense.

Date: Thursday June 21st. 7PM
Location: Regnier Center Room #344
Johnson County Community College
12345 College Boulevard
Overland Park, Kansas 66210


While developers and administrators are focused on maintaining scalable and complex interactive systems, another aspect is being overlooked: making sure systems can detect and handle slow application layer DoS attacks that consume available resources, and force servers to reject legitimate clients.
Sometimes considered exotic and rare, slow DoS attacks can easily knock out an unprepared server, as they use legitimate data and almost don't differ from real traffic. Slow DoS attacks are exploiting protocol flaws, and the handling of such attacks should be applied within the server configuration, rather than setting up perimeter devices to intercept the traffic. Without such protection, slow DoS attacks can bypass traditional counter-DDoS systems undetected, and can harm anything from HTTP servers to streaming servers, cache, proxy and WebSocket servers.
Sergey will present a tool that can help find bottlenecks and help developers and administrators to either apply existing tweaks, or continue researching the problem with more details available, without being distracted by having to implement their own proof of concept solutions to test their systems.

The goal of presentation is to:

- share information about such attack vectors, demonstrate the attacks over HTTP and WebSocket protocols against HTTP, WebSocket , proxy, cache, media streaming servers using new version of slowhttptest
- discuss how information produced by the tool could be used to narrow the problem
- present mitigation recommendations and techniques.




Sergey Shekyan is a Senior Software Engineer for Qualys, where he is focused on development of the company’s on demand web application scanning service. With more than 10 years of experience in software design, development, testing and documentation, Sergey has contributed key product enhancements and software modules to various companies. Prior to Qualys, he designed and implemented a web-based system for general aviation pilots. Sergey holds both Masters and BS Degrees in Computer Engineering from the State Engineering University of Armenia.
Date: Thursday June 21st. 7PM
Location: Regnier Center Room #344
Johnson County Community College
12345 College Boulevard
Overland Park, Kansas 66210

https://www.owasp.org/images/a/a6/Owasp_KS_slowDoS.pdf