This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Denial of Service (Application Based)"

Jump to: navigation, search
Line 14: Line 14:
== Perimeter Solution ==
== Perimeter Solution ==
See Brute Force (Generic)Generic  
Perimeter anti-automation for application-based DoS is identical to [[OWASP Periodic Table of Vulnerabilities - Brute Force (Generic) / Insufficient Anti-automation|Generic Brute Force]].
== Framework Solution==
== Framework Solution==

Revision as of 07:42, 21 July 2013

Return to Periodic Table Working View

Denial of Service (Application Based)

Root Cause Summary

The root cause of an Application Based denial of service is when an attacker uses/exhausts/depletes all of the resources (such as bandwidth, database connections, disk storage, CPU, memory, threads, or application specific resources) on a system preventing legitimate users from using the system. To prevent depletion of resources the application must restrict the size or amount of resources that are requested or used.

Browser / Standards Solution


Perimeter Solution

Perimeter anti-automation for application-based DoS is identical to Generic Brute Force.

Framework Solution


Custom Framework Solution


Custom Code Solution

Profile resource-dependent transactions and build transaction queues and alerting when queues reach thresholds. Enforce transaction-based rate limits.

Discussion / Controversy

Denial of service vulnerabilities have other names including “resource exhaustion” and “resource depletion” and there are other types of denial of service attacks different from application including network and connection based.


OWASP - Application Denial of Service

CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

CAPEC -119: Resource Depletion