How to defend against JavaScript-based DDoS attacks

How to defend against JavaScript-based DDoS attacks

DDoS attack technology is rapidly evolving. The recent JavaScript-based DDoS attack has a unique feature: any browser device may be involved in the attack, and its potential attack scale is almost unlimited. Most interactions on modern websites use JavaScript. JavaScript scripts can be directly embedded in HTML or loaded from a remote server. JavaScript attacks mainly occur when the shared JavaScript script is replaced on a third-party server, or when it is replaced by a man-in-the-middle during transmission. Currently, there is no relevant mechanism for blocking scripts replaced on the server. However, W3C has proposed a new function called subresource integrity, which uses the hash value to verify the script, if the hash value does not match, the browser can prevent it from running. Currently, only Chrome and Firefox are supported for browsers that support sub-resource integrity. HTTPS is the only useful method to fully enable scripts that are replaced by malicious code by man-in-the-middle during transmission.

JavaScript advanced programming (Third edition)

How to use JavaScript to write recursive functions

Core concepts and practices of JavaScript PDF (Qiu Juntao)

Understanding the event stream in JavaScript

This article permanently updates the link address: