NEWS

How NGINX App Protect Denial of Service Adapts to the Evolving Attack Landscape As we move more and more aspects of our daily lives online, cyberattackers are keeping pace in their efforts to degrade the level of service provided by the apps we rely on. Their motivations are numerous, ranging from revenge to influencing the stock price of affected companies to creating a smokescreen that distracts security teams from data breaches. In a previous blog, we describe how in the past security teams had to continually develop new defenses against volumetric denial-of-service (DoS) and distributed DoS (DDoS) attacks at the network and transport levels (Layers 3 and 4), which exhaust servers’ available bandwidth by flooding them with TCP/UDP connection requests. Now attackers have added a new tool to their arsenal – DoS and DDoS attacks that use HTTP requests or API calls [ more… ]

NGINX App Protect Denial of Service Blocks Application-Level DoS Attacks While digital transformation is accelerating business potential, unfortunately it’s also broadening the threat landscape. As security teams are occupied adjusting to increasing scope and responsibility, attackers are taking advantage, becoming more sophisticated than ever in the ways they abuse applications for financial gain. Compared to traditional denial-of-service (DoS) attacks at the network level, application‑level (Layer 7) DoS attacks are rising sharply, in large part because they can bypass traditional defenses that are not designed for modern application architectures. From the viewpoint of attackers, Layer 7 DoS attacks have two valuable features: they require very few resources to create significant disruption, and they are difficult to detect. Generated using sophisticated tools and precisely targeted requests, such attacks disrupt application servers and APIs by making them unable to process legitimate requests. When a server [ more… ]