Skip to Content
Web Application Defender's Cookbook
book

Web Application Defender's Cookbook

by Ryan C. Barnett, Jeremiah Grossman
December 2012
Intermediate to advanced
552 pages
13h 16m
English
Wiley
Content preview from Web Application Defender's Cookbook

Chapter 12

Enforcing Access Rate and Application Flows

Attack him where he is unprepared, appear where you are not expected.

—Sun Tzu in The Art of War

Identifying web application attack traffic isn’t always a matter of what you are doing but rather the velocity at which you are doing it. Attackers often use automated programs to expedite their reconnaissance, execute their attack payloads, or simply flood the application with excessive traffic. This chapter looks at various methods of detecting when clients are accessing their applications abnormally. This includes not only the speed of use but also the order in which resources are accessed.

Many of the recipes in this chapter include references to material taken from the Mitre Common Attack Pattern Enumeration and Classification (CAPEC) project: http://capec.mitre.org/.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Web Site Cookbook

Web Site Cookbook

Doug Addison
Preventing Web Attacks with Apache
Web Application Development with PHP 4.0

Web Application Development with PHP 4.0

Tobias Ratschiller, Till Gerken, Zeev Suraski, Andi Gutmans
Advanced PHP for Web Professionals

Publisher Resources

ISBN: 9781118417058Purchase book