In this flood, I will talk about DDoS (Distributed Denial of Service) attacks on web applications and some of the methods of doing these attacks.

The type of traffic we want to accept from the outside world (eg 443 HTTPS) and therefore allowed to pass through the Firewall can be created by malicious people in a high volume that our servers cannot meet, and our service may be interrupted.

As an example, let’s assume that a web application is served from a data center with an upload speed of 750 Mbps. If maliciously organized bots generate 750 Mb of traffic per second to the application, they prevent the application from serving. This attack is called **DoS **(Denial of Service) since users are prevented from receiving service. If 750 Mbps is created from only one data center or one country, the attack is easily eliminated by filtering the traffic from the firewalls of the data center provider from the relevant IP or IP blocks.

In order to increase the effectiveness of the attack and to ensure its continuity, such attacks are usually made from many countries and countless IPs, it is not possible to separate the related IPs from normal traffic. This type of DoS attack is called DDoS, in other words, Distributed DoS.

The most effective DDoS attacks are done by Botnets that infect mobile phones, computers, or IoT devices and control these devices with the malware they place on them. The device that is infected with malware and used in an attack is called Zombie.

Malicious people can remotely control Botnets consisting of devices they zombie, and make DDoS attacks whenever they want, and even this mechanism is offered by these people as a service for a fee.

In 2015, in the 5-day DDoS attack on GitHub, a country injected an extra JavaScript code into a certain percentage of web page requests from the world to the pages served in their country, causing the user’s browser to call several pages from Github.

#cybersecurity #devsecops #devops #ddos-attack #botnet