This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cash Overflow"
From OWASP
Andrew Smith (talk | contribs) (Updated grammar, risk factors, threat agents) |
|||
| Line 8: | Line 8: | ||
==Description== | ==Description== | ||
| − | A Cash Overflow attack is a [[Denial of Service]] attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or exceeding the application cost limits leading the | + | A Cash Overflow attack is a [[Denial of Service]] attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or exceeding the application cost limits, leading the cloud service provider to disable the application. |
==Risk Factors== | ==Risk Factors== | ||
| − | + | * Given enough resources, fairly easy to launch attack | |
| − | + | * Quickly detected due to immediate downtime/resources consumption/logging | |
| + | * Impact usually limited to loss of availability | ||
==Related [[Threat Agents]]== | ==Related [[Threat Agents]]== | ||
| − | * [[:Category: | + | * Most likely an [[:Category:Internet_attacker]] |
| − | |||
==Related [[Attacks]]== | ==Related [[Attacks]]== | ||
| Line 26: | Line 26: | ||
==Related [[Controls]]== | ==Related [[Controls]]== | ||
| − | * | + | * DoS Prevention Techniques |
| − | |||
==References== | ==References== | ||
Latest revision as of 22:31, 30 December 2013
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 12/30/2013
Description
A Cash Overflow attack is a Denial of Service attack specifically aimed at exceeding the hosting costs for a cloud application, either essentially bankrupting the service owner or exceeding the application cost limits, leading the cloud service provider to disable the application.
Risk Factors
- Given enough resources, fairly easy to launch attack
- Quickly detected due to immediate downtime/resources consumption/logging
- Impact usually limited to loss of availability
Related Threat Agents
- Most likely an Category:Internet_attacker
Related Attacks
Related Vulnerabilities
Related Controls
- DoS Prevention Techniques
References
- http://capec.mitre.org/data/index.html - Denial of Service through Resource Depletion
