This Modern Security Episode will introduce you to one of the most devastating ways to cause service instability in modern micro-service architectures: application DDoS. Unlike traditional network DDoS that focuses on network pipes and edge resources, our talk focuses on identifying and targeting expensive calls within a micro-services architecture, using their complex interconnected relationships to cause the system to attack itself — with massive effect.
We'd like to introduce you to one of the most devastating ways to cause service instability in modern micro-service architectures: application DDoS. Unlike traditional network DDoS that focuses on network pipes and edge resources, our talk focuses on identifying and targeting expensive calls within a micro-services architecture, using their complex interconnected relationships to cause the system to attack itself — with massive effect. In modern microservice architectures it's easier to cause service instability with sophisticated requests that model legitimate traffic to pass right through web application firewalls.
This talk shares knowledge around how to improve modern microservice architectures. Specifically, it covers:
Attendees will leave this talk understanding architectural and technical approaches to identify and remediate application DDoS vulnerabilities within their own applications. Attendees will also gain a greater understanding on how take a novel new attack methodology and build an orchestration framework that can be used at a global scale.
Scott Behrens
Senior Application Security Engineer | Netflix
Scott Behrens is currently a senior application security engineer at Netflix. Prior to Netflix Scott worked as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. Scott's expertise lies in both building and breaking for application security at scale. As an avid coder and researcher, he has contributed to and released a number of open source tools for both attack and defense. Scott has presented security research at DEF CON, DerbyCon, OWASP AppSec USA, Shmoocon, Shakacon, Source Boston, Security B-sides Chicago, and others.
James Wickett
Head of Research | Signal Sciences
Often found at the intersection of DevOps and security, James is the creator of gauntlt and the author of DevOps Fundamentals — a course on Lynda.com and LinkedIn Learning.
The Modern Security Series by Signal Sciences brings the best technologists around to present on modern security practices and approaches ranging from AppSec to DevOps.
Come each month and enjoy a fun and friendly presentation by some of the world’s foremost experts on topics that are shaping our industry for the future.