How would you detect and mitigate a Distributed Denial of Service (DDoS) attack targeting a client's web application?