Q

Protect Web apps against a denial-of-service attack

Denial-of-service attacks may be impossible to prevent, but that doesn't mean there aren't ways to protect Web applications from them.

What's the best way to protect my Web environment against a denial-of-service attack?

The thing with denial-of-service attacks is that they're all but impossible to prevent. The best approach is definitely to focus on ways to minimize the impact a denial-of-service attack will have. If you have a Web presence, hackers are going to play with it (at best) and attack it (at worst).


One of the most proactive things you can do is to not give anyone a way to easily target and exploit a denial-of-service flaw in a Web server or application. I worked on a project recently that involved a website that had a page that was known to be vulnerable to anonymous HTTP proxy requests.

The page had been removed years prior, but it was still on a list of known proxies, and criminal hackers were exploiting it like crazy. This resulted in the Web server receiving tens of thousands of requests per minute for this vulnerable page that no longer existed.

It was an ugly denial-of-service attack situation to say the least. The situation could have been prevented had the vulnerable page been detected and fixed early on. This is why it's so critical to perform a security assessment of public-facing Web systems and quickly work to resolve any critical findings.
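A scan of the Web server's access log can surface a flood like the one described above: many requests in the same minute for a path that answers 404 or 410. This is an added example, not part of the original answer; it assumes combined-log-format lines, and the path `/old/proxy.php`, the client addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def minute_of(ts):
    # "10/Jun/2014:13:55:36 +0000" -> "10/Jun/2014:13:55"
    return ts[:17]

def find_dead_page_floods(lines, threshold):
    """Return {(path, minute): (hits, distinct_clients)} for paths that answer
    404/410 at or above `threshold` requests within a single minute."""
    hits = Counter()
    clients = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("404", "410"):
            continue  # unparseable line, or the page exists
        path = m["target"].split("?", 1)[0]  # group by path, ignore query string
        key = (path, minute_of(m["ts"]))
        hits[key] += 1
        clients.setdefault(key, set()).add(m["ip"])
    return {k: (n, len(clients[k])) for k, n in hits.items() if n >= threshold}

def build_sample():
    # Constructed sample: 40 clients request a removed page in one minute,
    # mixed with ordinary traffic and one unrelated 404.
    lines = [
        f'198.51.100.{i} - - [10/Jun/2014:13:55:{i:02d} +0000] '
        f'"GET /old/proxy.php?u={i} HTTP/1.1" 404 162 "-" "-"'
        for i in range(40)
    ]
    lines += [
        '192.0.2.10 - - [10/Jun/2014:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
        '192.0.2.11 - - [10/Jun/2014:13:55:07 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "-"',
    ]
    return lines

if __name__ == "__main__":
    # Threshold is illustrative; set it from the site's normal 404 rate.
    for (path, minute), (n, ips) in find_dead_page_floods(build_sample(), 30).items():
        print(f"{minute} {path}: {n} requests from {ips} clients")
```

A path flagged this way is a candidate for blocking at the edge or at the Web application firewall, so the requests never reach the origin server.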

Beyond prevention, a cloud-based Web application firewall from vendors such as CloudFlare and Incapsula can work really well in off-loading the impact of a DoS attack. It's best to set up an account with such a vendor before the going gets rough. That said, I know these services are able to start providing relief within a very short period of time after a denial-of-service attack starts.

The most important thing for reducing the impact of a denial-of-service attack is to have a plan. Think about how to manage security vulnerabilities in advance so you can put things on auto-pilot once the attacks commence.


This was first published in June 2014
