A European company providing online railway ticketing and information needed to ensure that travelers could depend on it for uninterrupted and secure real-time service. The company therefore sought to verify the effectiveness of its DDoS protection measures, including evaluation of the security team’s ability to identify, mitigate and recover from an attack.
Red Button designed seven advanced application-layer attack testing scenarios to challenge the company’s AWS-based DDoS protection, with a focus on CloudFront WAF configuration, detection mechanisms, procedures and protocols.
At the company’s request, a black-box methodology was adopted to emulate the behavior of a malicious attacker with no prior knowledge of the company’s digital architecture or protections. Our cybersecurity Red Team therefore initiated the simulations with typical hacker reconnaissance efforts intended to map out the architecture and discover the network flow.
Red Button’s analysis of the test results indicated that the company’s DDoS protection is currently at a solid level of readiness. While five of the attack scenarios were detected and counteracted with no impact on its services, two of them caused short downtimes before being mitigated.
Notably, the company server suffered from downtime due to a relatively low number of requests, indicating excessive sensitivity to increased traffic rates. The rate limit rule thresholds in the company’s production environment are also significantly lower than recommended best practices, which can cause false positives.
Red Button recommended the following measures to improve the company’s DDoS mitigation outcomes even further: