Web application based attacks

Web application based attacks

There are three main types of network based attacks we will look at. There are variations on each however we will cover the most common of these and what that means to a business from a customer’s perspective as well as operating a business.

Dos (Denial of service) or DDos (Distributed denial of service) 

This type of attack could be classed as a network attack, however, as the method of attack is delivered via the internet We have categorised it with the web application attacks.

The easiest way to describe a Dos attack is:

A malicious person is making multiple requests repeatedly to a website, the website cannot cope with the volume of requests and falls off line. By falling off line the site is no longer available for genuine customers and limits the opportunities of the website owner.

When this attack is on a larger scale it’s known as a DDOS attack and requires the help of an army of machines to generate the thousands of requests all at the same time. These army of machines are known as botnets or zombie’s as they are machines which have been affected previously by the attacker and programmed to behave in a certain way. The owner of the computer will not even know this is going on.

As an example.

Imagine if you were trying to place an order at your local takeaway, there’s only two phone lines, both are permanently engaged and the kitchen cannot cope with the volume of orders, most of which are bogus. As a result, the takeaway doesn’t have the resources to deal with the orders, it cannot cope and comes to a standstill. This is no different to a website, if it gets too many requests, doesn’t have the capacity, it cannot cope and falls off line.

In many cases this type of attack is used to disguise the main attack that is going on elsewhere.