An introduction to JavaScript-based DDoS

Distributed Denial of Service (DDoS) attacks have become more diversified in recent years, with attackers using malicious JavaScript to trick unsuspecting web users into participating in these attacks. Unlike NTP or DNS reflection attacks, the potential volume for a JavaScript-based DDoS is nearly unlimited as any computer with a browser can be enrolled in the attack. This article discusses how attackers have been using malicious sites, server hijacking, and man-in-the-middle attacks to launch DDoS attacks. It also describes ways to protect your site from being used in these attacks by using HTTPS and an upcoming web technology called Subresource Integrity (SRI).