Application-Level Denial of Service (DoS) attacks are a threat to nearly every website. DoS attacks are simple to launch, but by nature difficult to defend against. They are rather like a ‘malicious load test'. Modern websites are a diverse set of moving parts. A malicious actor only needs to find the point at which one of these systems is overwhelmed to bring your infrastructure to a halt. Some orginizations approach this problem by increasing capacity, perhaps leveraging the cloud to expand horizontally. This can be a successful mitigation strategy, but a combined historic and real-time view of who is accessing your website (and why) gives you the chance to actively defend as opposed to simply absorbing the traffic. Trending this data over time allows your response time to decrease while keeping your front door open. In this talk, I will cite examples, successes, lessons learned, and present a new open source project (DoDoS, written in a combination of Node.js and python) that can be used as a defense framework for mitigating these attacks.