Application attacks are low traffic rate attacks which are very hard to detect. These are targeted at weaknesses in an application or server with the goal of establishing a connection and exhausting processes and transactions. Such attacks do not require a botnet type army; generating a low traffic rate needs few sources and the traffic type seems to be legitimate.
The most famous example of a Layer-7 attack is the HTTP Get/Post DDoS attack.
- HTTP Flood Attack: HTTP flood is a very common type of DDoS attack in which the cyber criminal exploits HTTP GET or POST requests to attack an online web server or application. The attacker forms a botnet army to send the targeted server a very large number of GET (image content) ...