Log in from a computer to take this course

You'll need to log in from a computer to start Introduction to DevOps. But you can practice or keep up your coding streak with the Codecademy Go app. Download the app to get started.

apple storegoogle store
Learn

In 2020 Google reported dealing with a DDOS attack that lasted for over six months. At peak times the traffic created by the attackers was at 2.5 Terabytes per second sent to over 160,000 servers. This was at the time, the largest DDOS attack by traffic volume ever recorded. Events such as these showcase that malicious actors have been creating ever larger and more powerful attacks.

Cyber-attacks are attempts to disrupt system services or steal an organization’s data. They can happen to businesses of different sizes and types. Some common types of cyber-attack include:

  • Distributed Denial of Service (DDOS) attacks try to crash a target by overwhelming it with requests.
  • SQL injection attacks try to run malicious database queries to reveal internal information.

Some techniques to handle these kinds of attacks include:

  • Filtering: Applications might have an infrastructure layer in front of them that detects incoming DDOS attacks and ignores similar traffic.
  • Validation: Checking that requests are valid and do not contain malicious code can help prevent attacks such as SQL injection.

When thinking about cyber-attacks, it is important to consider what attackers generally want. The prime target for most cyber-attacks is data. Cyber criminals often want to gain access to or destroy sensitive data. By employing security best practices we can be better protected against cyber-attacks.

Learn more about cyber-attacks in our Introduction to Cyber Security course!

Instructions

Consider this scenario: a malicious user submits a form that causes an application to run some database queries. These queries cause the application to delete information on thousands of users, causing delays in processing orders.

What kind of attack was this and how might it have been prevented?

Answer

This scenario most resembles an SQL injection attack. One of the most common prevention methods is input validation. Validation would look for database code in a request and reject it before it ran on a server.


Now we have some understanding of the types of problems we must build resiliency against. But how will we know that we are properly dealing with these problems? Next, we will discuss methods to measure how resilient our systems are.

Take this course for free

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?