Request a Demo
Recorded | September 27, 2017

Starting the Avalanche: Application DoS In Microservice Architectures

This Modern Security Episode will introduce you to one of the most devastating ways to cause service instability in modern micro-service architectures: application DDoS. Unlike traditional network DDoS that focuses on network pipes and edge resources, our talk focuses on identifying and targeting expensive calls within a micro-services architecture, using their complex interconnected relationships to cause the system to attack itself — with massive effect. 

Watch the Webinar

About This Modern Security Series Episode

We'd like to introduce you to one of the most devastating ways to cause service instability in modern micro-service architectures: application DDoS. Unlike traditional network DDoS that focuses on network pipes and edge resources, our talk focuses on identifying and targeting expensive calls within a micro-services architecture, using their complex interconnected relationships to cause the system to attack itself — with massive effect. In modern microservice architectures it's easier to cause service instability with sophisticated requests that model legitimate traffic to pass right through web application firewalls. 

This talk shares knowledge around how to improve modern microservice architectures. Specifically, it covers:

  • How the Netflix application security team identified area of our microservices that ultimately laid the groundwork for exponential-work attacks
  • A real Netflix case study of how a single request into an API endpoint fans out through the application fabric and results in an exponential set of dependent service calls
  • The frameworks Netflix collaborated on building that refine the automation and reproducibility of testing the endpoints, leveraged against our live production environment

Attendees will leave this talk understanding architectural and technical approaches to identify and remediate application DDoS vulnerabilities within their own applications. Attendees will also gain a greater understanding on how take a novel new attack methodology and build an orchestration framework that can be used at a global scale.

Speakers

Scott Behrens

Senior Application Security Engineer  |  Netflix

Scott Behrens is currently a senior application security engineer at Netflix. Prior to Netflix Scott worked as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. Scott's expertise lies in both building and breaking for application security at scale. As an avid coder and researcher, he has contributed to and released a number of open source tools for both attack and defense. Scott has presented security research at DEF CON, DerbyCon, OWASP AppSec USA, Shmoocon, Shakacon, Source Boston, Security B-sides Chicago, and others.

James Wickett

Head of Research | Signal Sciences

Often found at the intersection of DevOps and security, James is the creator of gauntlt and the author of DevOps Fundamentals — a course on Lynda.com and LinkedIn Learning.

September 27 2017 Webinar-2.png

About the Modern Security Series

The Modern Security Series by Signal Sciences brings the best technologists around to present on modern security practices and approaches ranging from AppSec to DevOps.

Come each month and enjoy a fun and friendly presentation by some of the world’s foremost experts on topics that are shaping our industry for the future.

Upcoming Modern Security Series Episodes

The world’s top companies trust Signal Sciences.

under armour duo adobe datadot aera technology fullstory booktopia plangrid