Layer 7 DoS Attacks: Why Web Pages Remain Vulnerable Despite TLS 1.3 & QUIC

Abstract:This webinar explores the inherent vulnerabilities within the design of web protocols that indirectly expose web pages to Layer 7 denial-of-service (DoS) attacks, regardless of the encryption protocol employed (e.g., ICP, WTLS, DTLS, TLS 1.2, TLS 1.3, or QUIC). Initially, it will focus on the weaknesses of the Internet Cache Protocol (ICP), illustrating how these vulnerabilities can be weaponized to circumvent security measures. The discussion will then extend to the vulnerabilities residing within the handshake processes of DTLS, QUIC, TLS 1.2, TLS1.3, and WTLS. Additionally, it will provide valuable insights for security professionals and web developers, highlighting the importance of layered security strategies beyond encryption protocols to effectively defend against DoS attacks.

Key Takeaways: 

• Understanding web protocol functions and their role in security 
• Analyzing the evolving threat landscape and the impact of DoS attacks 
• Exploring design vulnerabilities in web protocols and their security implications 
• Real-world case studies of web protocol vulnerabilities 
• Effective mitigation strategies to address web protocol security flaws 

Speaker:

Michał Sołtysik, Deep Packet Inspection Analyst
Bio: Michał Sołtysik is a Deep Packet Inspection Analyst and Cybersecurity Consultant specializing in network edge profiling and 0-day attacks. With a focus on IT, OT, and IoT areas, he has identified around 254 protocols used for cyber attacks. Michał is also a skilled Digital and Network Forensics Examiner, a Cyber Warfare Organizer, and a SOC Trainer, enhancing his cybersecurity roles with a broad range of expert knowledge. Certifications