Crypto Talk at 28C3: Effective Denial of Service attacks against web application platforms, Day 2, 14:00, Saal 1

Julian Wälde and Alexander Klink will be presenting a new attack against Web Application Frameworks (WAF), that can be used to generate HTTP requests, that take several minutes of CPU time to process. Sending many of these requests in parallel can be used as an effective Denial of Service attack against many websites. Even one cannot spot any relation to cryptography from the abstract, I have been informed that this talk will also cover many cryptography related aspects.

See the talk, Day 2, 14:00, Saal 1

Author: Erik Tews

7 Responses to “Crypto Talk at 28C3: Effective Denial of Service attacks against web application platforms, Day 2, 14:00, Saal 1”

  1. [...] researchers Julian Wälde and Alexander Klink presented the new way to attack Web Application Frameworks at the Chaos Communication Congress [...]

  2. [...] researchers Julian Wälde and Alexander Klink presented the new way to attack Web Application Frameworks at the Chaos Communication Congress [...]

  3. [...] researchers Julian Wälde and Alexander Klink presented the new way to attack Web Application Frameworks at the Chaos Communication Congress [...]

  4. [...] advisory is in direct response to some very interesting research that presented at the recent Chaos Communication Congress (CCC). There, hash collisions were shown to consume all available resources in a web server. However, the [...]

  5. Dave says:

    Summary/Write-up (written for “VP” level people – very high-level) and Juniper IPS coverage of the attack at: http://forums.juniper.net/t5/Networking-Security-Now/IDP-Protocol-Anomaly-provides-Zero-Day-Protection-for-Chaos-Hash/ba-p/123657

    Nice work guys…

  6. [...] van software een update beschikbaar hebben die het euvel verhelpt. Beveiligingsonderzoekers Julian Wälde en Alexander Klink gaven een presentatie over het lek in de Web Application Frameworks afgelopen 28 december tijdens [...]