Date: April 17, 2025
Time: 3:30 PM CEST | 9:30 AM EDT | 7:00 PM IST
Topic: How Web Protocol Weaknesses Enable Layer 7 DoS Attacks
Abstract: This webinar explores the inherent vulnerabilities within the design of web protocols that indirectly expose web pages to Layer 7 denial-of-service (DoS) attacks, regardless of the encryption protocol employed (e.g., ICP, WTLS, DTLS, TLS 1.2, TLS 1.3, or QUIC). Initially, it will focus on the weaknesses of the Internet Cache Protocol (ICP), illustrating how these vulnerabilities can be weaponized to circumvent security measures. The discussion will then extend to the vulnerabilities residing within the handshake processes of DTLS, QUIC, TLS 1.2, TLS1.3, and WTLS. Additionally, it will provide valuable insights for security professionals and web developers, highlighting the importance of layered security strategies beyond encryption protocols to effectively defend against DoS attacks.
Key takeaways:
- Understanding web protocol functions and their role in security
- Analyzing the evolving threat landscape and the impact of DoS attacks
- Exploring design vulnerabilities in web protocols and their security implications
- Real-world case studies of web protocol vulnerabilities
- Effective mitigation strategies to address web protocol security flaws
Speaker:
Michał Sołtysik, Deep Packet Inspection Analyst
Bio: Michał Sołtysik is a Deep Packet Inspection Analyst and Cybersecurity Consultant specializing in network edge profiling and 0-day attacks. With a focus on IT, OT, and IoT areas, he has identified around 254 protocols used for cyber attacks. Michał is also a skilled Digital and Network Forensics Examiner, a Cyber Warfare Organizer, and a SOC Trainer, enhancing his cybersecurity roles with a broad range of expert knowledge.
Certifications:
- C)CSA – Certified Cyber Security Analyst
- CSA – Certified SOC Analyst
- C)NFE – Certified Network Forensics Examiner
- C)DFE – Certified Digital Forensics Examiner
- WCNA – Wireshark Certified Network Analyst
- CND – Certified Network Defender
- C)PTC – Certified Penetration Testing Consultant
- C)PTE – Certified Penetration Testing Engineer
- C)PEH – Certified Professional Ethical Hacker
- C)VA – Certified Vulnerability Assessor
- RED vs BLUE Cyber Warfare Practitioner
- CIoTSP – Certified Internet of Things Security Practitioner
- OOSE – OPSWAT OT Security Expert
- CNSP – Certified Network Security Practitioner
- CNSE – Certified Network Security Engineer
- CCE – Certified Cybersecurity Expert
- CCSS – Certified Cyber Security Specialist
- CM)CTA – Certified Master Cyber Threat Analyst
- CySA+ – Certified Cyber Security Analyst
- C3SA – Certified Cyber Security Analyst
- CCDA – Certified Cyber Defense Analyst
- PSAA – Practical SOC Analyst Associate
- CM)CFI – Certified Master Cyber Forensics Investigator
- GNFA – GIAC Network Forensic Analyst
- ISO/IEC 27037:2012 – Lead Implementer
- CCD – Certified CyberDefender
- C)ISSO – Certified Information Systems Security Officer
- CM)IPS – Certified Master Intrusion Prevention Specialist
- eCTHP – eLearnSecurity Certified Threat Hunting Professional
- C)TIA – Certified Threat Intelligence Analyst
- CCC – Certified Cybersecurity Consultant
