
Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely by Lori MacVittie


CHAPTER 1: INTRODUCTION

The modern threat

In 2011, an exploit for a vulnerability in the Apache web server circulated rapidly across the Internet. At the time, Apache was used by more than 65% of websites, according to Netcraft, so this was a serious issue that required immediate remediation. The exploit took advantage of a little-known vulnerability in the way Apache handled two HTTP headers. As described by CVE-2011-3192, exploitation resulted in “very significant memory and CPU usage on the server”, leading to a distributed denial-of-service (DDoS) attack through resource exhaustion.

In late 2013, a highly complex DDoS attack1 on a prominent member of an online trading community was detected and ...
