Back To Schedule
Thursday, November 21 • 3:00pm - 3:50pm
HTTP Time Bandit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Video of session:

While web applications have become richer to provide a higher level user experience, they run increasingly large amounts of code on both the server and client sides. A few of the pages on the web server may be performance bottlenecks. Identifying those pages gives both application owners as well as potential attackers the chance to be more efficient in performance or attack.
   We will discuss a tool created to identify weaknesses in the web application by submitting a series of regular requests to it. With some refinement and data normalizations performed on the gathered data,
and then performing more testing based on the latter, it is possible to pinpoint the single most (CPU or DB) resource-consuming page of the application. Armed with this information, it is possible to perform more efficient DOS/DDOS attacks with very simple tools.
   The presentation will be accompanied by demos of the tool performing testing and attacking on various targets. The tool will be published for the interested researchers to play with.


vaagn toukharian

Senior Software Engineer, qualys
Was involved with security industry since 1999. Experience includes work on Certification Authority systems, encryption devices, large CAD systems, Web scanners. Outside of work interests include Photography, and Ironman Triathlons.

Thursday November 21, 2013 3:00pm - 3:50pm EST
Salon 1 (5th Floor Ballroom) NY Marriott Marquis

Attendees (0)