{"guid":"import-0263d58196a112ebec","title":"Effective Denial of Service attacks against web application platforms","subtitle":"We are the 99% (CPU usage)","slug":"28c3-4680-en-effective_dos_attacks_against_web_application_platforms","link":"http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html","description":"This talk will show how a common flaw in the implementation of most of the popular web\nprogramming languages and platforms (including PHP, ASP.NET, Java, etc.) can\nbe (ab)used to force web application servers to use 99% of CPU for several\nminutes to hours for a single HTTP request.\n\nThis attack is mostly independent of the underlying web application and just\nrelies on a common fact of how web application servers typically work.\n","original_language":"eng","persons":["Alexander ‘alech’ Klink","Julian | zeri"],"tags":["28c3"," Hacking"],"view_count":337,"promoted":false,"date":"2011-12-28T01:00:00.000+01:00","release_date":"2012-01-04T01:00:00.000+01:00","updated_at":"2026-04-01T15:45:06.374+02:00","length":3416,"duration":3416,"thumb_url":"https://static.media.ccc.de/media/congress/2011/28c3-4680-en-effective_dos_attacks_against_web_application_platforms_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2011/28c3-4680-en-effective_dos_attacks_against_web_application_platforms_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2011/import-0263d58196a112ebec-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2011/import-0263d58196a112ebec-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/28c3-4680-en-effective_dos_attacks_against_web_application_platforms","url":"https://api.media.ccc.de/public/events/import-0263d58196a112ebec","conference_title":"28C3: behind enemy lines","conference_url":"https://api.media.ccc.de/public/conferences/28c3","related":[{"event_id":460,"event_guid":"import-a06deb348ba5dc5997","weight":2},{"event_id":1135,"event_guid":"import-3d147238f2f1434907","weight":2},{"event_id":1530,"event_guid":"import-6fdeaba494d8699165","weight":2},{"event_id":1549,"event_guid":"import-6816b7029c0aff79fc","weight":2},{"event_id":1551,"event_guid":"import-6a3a996a7bf3732340","weight":3},{"event_id":1580,"event_guid":"import-7cc65ec6f710a801aa","weight":2},{"event_id":1586,"event_guid":"import-4943bb5b62764ada53","weight":2},{"event_id":1605,"event_guid":"import-37c1600436b10d0770","weight":2},{"event_id":1609,"event_guid":"import-68a1981706215efc82","weight":5},{"event_id":1611,"event_guid":"import-04cbf6a2c645f0f640","weight":3},{"event_id":1619,"event_guid":"import-b0554205945a09137e","weight":2},{"event_id":1712,"event_guid":"import-79b1beb3f18e5edc5a","weight":4},{"event_id":3640,"event_guid":"700a07e7-a9c4-437b-a4c5-4491b23a9b4a","weight":2}],"recordings":[{"size":342,"length":3416,"mime_type":"audio/ogg","language":"eng","filename":"28c3-4680-en-effective_dos_attacks_against_web_application_platforms.ogg","state":"downloaded","folder":"ogg-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-31T23:45:44.385+02:00","recording_url":"https://cdn.media.ccc.de/congress/2011/ogg-audio-only/28c3-4680-en-effective_dos_attacks_against_web_application_platforms.ogg","url":"https://api.media.ccc.de/public/recordings/3097","event_url":"https://api.media.ccc.de/public/events/import-0263d58196a112ebec","conference_url":"https://api.media.ccc.de/public/conferences/28c3"},{"size":342,"length":3416,"mime_type":"video/webm","language":"eng","filename":"28c3-4680-en-effective_dos_attacks_against_web_application_platforms.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:49.112+01:00","recording_url":"https://cdn.media.ccc.de/congress/2011/webm/28c3-4680-en-effective_dos_attacks_against_web_application_platforms.webm","url":"https://api.media.ccc.de/public/recordings/3096","event_url":"https://api.media.ccc.de/public/events/import-0263d58196a112ebec","conference_url":"https://api.media.ccc.de/public/conferences/28c3"}]}