Effective Denial of Service attacks against web application platforms

We are the 99% (CPU usage)

Alexander ‘alech’ Klink and Julian | zeri

Playlists: '28c3' videos starting here / audio / related events

This talk will show how a common flaw in the implementation of most of the popular web
programming languages and platforms (including PHP, ASP.NET, Java, etc.) can
be (ab)used to force web application servers to use 99% of CPU for several
minutes to hours for a single HTTP request.

This attack is mostly independent of the underlying web application and just
relies on a common fact of how web application servers typically work.