Availability
Denial-of-service attacks
Overwhelming systems so they stop working.
What it is
Floods of traffic, slow connections (Slowloris), or expensive queries that exhaust CPU/memory and take the service down.
How attackers exploit it
A botnet sends millions of requests, or an attacker finds an endpoint that runs an unbounded DB query and hammers it.
How to protect against it
- Put the site behind a CDN/WAF (Cloudflare, Fastly) that can absorb volumetric attacks.
- Rate-limit expensive endpoints per IP and per user.
- Add timeouts and pagination to DB queries; reject huge payloads.
- Have a runbook: who flips the switch, how you scale up, and what you tell users.
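A sketch of the per-IP and per-user rate limit, payload cap and page-size clamp from the list above, as an added example rather than code from the original page. The names `EndpointGuard`, `TokenBucket`, `MAX_BODY_BYTES` and `MAX_PAGE_SIZE`, and the limit values, are assumptions chosen for illustration.

```python
import time

MAX_BODY_BYTES = 64 * 1024  # assumed payload cap for this endpoint
MAX_PAGE_SIZE = 100         # assumed upper bound on rows per DB query

class TokenBucket:
    """Refills `rate` tokens per second, holding at most `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def take(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class EndpointGuard:
    """Admission check to run before an expensive handler does any work."""
    def __init__(self, rate=1.0, burst=5, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        # In-memory for the example; a real deployment needs a shared store
        # with expiry, or this dict itself grows without bound under attack.
        self.buckets = {}

    def _allow(self, key, now):
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.rate, self.burst, now)
        return bucket.take(now)

    def check(self, ip, user, body_len, page_size):
        """Return (http_status, page_size_to_use)."""
        if body_len > MAX_BODY_BYTES:
            return 413, 0  # reject huge payloads before parsing them
        now = self.clock()
        # Charge both buckets on every request: one account spread over many
        # addresses still drains its user bucket, and many accounts behind
        # one address still drain the IP bucket.
        ip_ok = self._allow(("ip", ip), now)
        user_ok = self._allow(("user", user), now) if user else True
        if not (ip_ok and user_ok):
            return 429, 0
        # Clamp rather than trust the client's page size, so the query is bounded.
        return 200, max(1, min(page_size, MAX_PAGE_SIZE))
```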