Multi-Layered Defence for Web Applications: Protecting Against DDoS Attacks and Beyond…

Edgar Mikayelyan

from Qrator Labs (Armenia)

About speaker

Head of a Presales Team, Qrator Labs. Graduate of the Yerevan State University Faculty of Mechanics. Responsible for design and implementation of technically complex projects to ensure continuous availability of Internet services for customers and partners.

About speaker's company

Qrator Labs is an acknowledged expert in Continuous Network Availability, offering various network security services to ensure safe Internet and continuous DDoS mitigation for businesses worldwide. Qrator Labs' unique anycast architecture provides a reliable, geo-distributed, low-latency web app protection platform across North and South America, Europe, the Middle East and Asia, with filtering bandwidth capacity of more than 4 000 Gbps and 15 points of presence worldwide.

Abstracts

broad

In this presentation I’m going to explore the proper implementation of a multi-layered defence against application-level (L7) DDoS and other threats.
There's a common misconception about multi-layer protection. Many believe it simply means stacking several similar boxes from different vendors, thinking this variety alone constitutes a multi-layered defence. They assume that what one device fails to detect or block, the next one will handle.

After the presentation, the listener will learn:

- the right approach to defining layers in web application defence,
- why each layer requires its own specialized protective technology,
- why a collection of similar boxes does not constitute effective multi-layer protection,
- and finally, why there’s no all-in-one solution that solves all the problems at once,
- and most importantly, how not to build an architecture for protecting web applications from external threats.

To achieve this goal, I divided the presentation into several parts as follows:

1. Defining the levels of protection required for web applications:
- First, we have to defend against application-level (L7) DDoS attacks.
- Next, there's protection against unwanted/malicious bots.
- Finally, we address threats from individuals trying to hack into the system.

To better understand why this distinction is important, I discuss each threat category in more detail.

2. Application-level DDoS:
- About slow attacks, using Slowloris as an example
- About massive botnets such as Meris
- And about hacktivism, for example, attacks on Sony's PlayStation Network.
- Summarising, with a description of the characteristics of L7 DDoS attacks
- How to counter L7 DDoS

3. Unwanted Bot Activity:
- Identification of unwanted bot behavior and its implications for online platforms.
- Examples of main unwanted bot activities: Scraping, Brute-force, SMS bombing, etc.
- Summarising, with a detailed description of the characteristics of unwanted bot activity.
- How do you defend against bots?

4. Hacking Attempts:
- Overview of hacking attempts targeting the application layer. This is a broad topic, so I'm going to provide just a brief overview here.
- The most important point here is that these attacks differ significantly from both DDoS and bots in terms of their main characteristics. Description of the characteristics of Hacking Attempts.
- What protection should we use in this case? The first option that comes to mind is a WAF, but a WAF covers most vulnerabilities, not all.

The key point is that while a WAF is a valuable tool, to truly minimise the risk of web application hacking, secure development practices must be the starting point.

5. Conclusion:

- The key conclusion is that there is no one universal tool that can protect a web application from all threats. As demonstrated, defending against a variety of threats requires multi-layered defenses, with each layer targeting a specific type of threat.
- Metaphor: the comparison between all-in-one printers and specialized devices.

6. Q&A

The Program Committee has not yet taken a decision on this talk

other talks of this topic

- An Intro to Kubernetes Hardening (Ayesha Kaleem, MBition GmbH) [broad]
- The Balancing Act of Reliability (Yusuf Aytas, Workday) [broad]
- Autonomous Agents and Their Role in Incident Management (Yoseph Reuveni, Not Affiliated) [specific]
- DevOps done right: RBAC (Daniel Drack, FullStackS GmbH) [specific]
- CNCF sandbox project k8up under the hood (Aarno Aukia, VSHN - The DevOps Company) [specific]
- Pentesting Kubernetes Services in the Cloud (Sergey Chubarov, Independent consultant) [specific]
- Delivering SaaS on-prem with Cloud-native tools (George Hantzaras, MongoDB) [specific]
- Reduce Alert Fatigue with AIOps (Birol Yildiz, ilert GmbH) [broad]
- Behind the curtain of PowerShell cmdlets (Sergey Chubarov, Independent consultant) [specific]
- K8s load testing at scale with k6-operator (Ant(on) Weiss, PerfectScale) [specific]
- DevOps for AI: running LLMs in production with Kubernetes and KubeFlow (Aarno Aukia, VSHN - The DevOps Company) [specific]
- AI for Next-Gen Security: OpenAI and Copilot for Security Synergy (Sergey Chubarov, Independent consultant) [specific]
- Knowledge Discovery Efficiency: The FeedHenry Case Study (Benjamin Igna, Stellar Work GmbH) [specific]
- Actionable Observability (Lesley Cordero, The New York Times) [broad]
- How to Measure PromQL/MetricsQL Expression Complexity (Roman Khavronenko, VictoriaMetrics) [specific]
- Securing K8s: back and forth to RBAC Enforce (Roman Levkin, Exness) [specific]
- Platform Engineering for a Greener Future (Pini Reznik, re:cinq) [broad]
- CRaCing Java Snapshots (Pasha Finkelshteyn, BellSoft) [specific]
- Empowering Developers: Building an Application Catalogue with Crossplane (Aarno Aukia, VSHN - The DevOps Company) [specific]
- Guarding the ML Galaxy: Beyond Accuracy to Privacy and Security (Rishabh Misra, Attentive Mobile Inc) [broad]
- How do we deliver Agile Service Management? (Cristan Massey, Pearson Education) [specific]