
Difference between revisions of "Testing for Denial of Service"

From OWASP
 
Line 1: Line 1:
{{Template:OWASP Testing Guide}}
+
{{Template:OWASP Testing Guide v2}}
  
 
The most common type of denial of service (DoS) attack is the kind used on a network to make a server unreachable by other valid users. The fundamental concept of a network DoS attack is a malicious user flooding enough traffic to a target machine, that it renders the target incapable of keeping up with the volume of requests it is receiving. When the malicious user uses a large number of machines to flood traffic to a single target machine, this is generally known as a distributed denial of service (DDoS) attack. These types of attacks are generally beyond the scope of what an application developer can prevent within their own code. This type of “battle of the network pipes” is best mitigated via network architecture solutions.
 
The most common type of denial of service (DoS) attack is the kind used on a network to make a server unreachable by other valid users. The fundamental concept of a network DoS attack is a malicious user flooding enough traffic to a target machine, that it renders the target incapable of keeping up with the volume of requests it is receiving. When the malicious user uses a large number of machines to flood traffic to a single target machine, this is generally known as a distributed denial of service (DDoS) attack. These types of attacks are generally beyond the scope of what an application developer can prevent within their own code. This type of “battle of the network pipes” is best mitigated via network architecture solutions.
Line 15: Line 15:
 
#[[DoS Testing: Storing too Much Data in Session]]
 
#[[DoS Testing: Storing too Much Data in Session]]
  
[[OWASP Testing Guide Table of Contents]]
+
[[OWASP Testing Guide v2 Table of Contents]]
 
{{Template:Stub}}
 
{{Template:Stub}}
 
[[Category:Denial of Service Attack]]
 
[[Category:Denial of Service Attack]]
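Review bot: the bottom navigation link in this hunk moves from [[OWASP Testing Guide Table of Contents]] to [[OWASP Testing Guide v2 Table of Contents]], but the sub-page entry just above it, `#[[DoS Testing: Storing too Much Data in Session]]`, keeps its unversioned title. If the seven DoS testing pages are also being split per guide version, they should be repointed in this same revision so the v2 contents page and its child pages agree; if they are shared across versions, stating that in the edit summary would make the intent clear.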

Revision as of 23:30, 10 October 2006

OWASP Testing Guide v2 Table of Contents


The most common type of denial of service (DoS) attack is the kind used on a network to make a server unreachable by other valid users. The fundamental concept of a network DoS attack is a malicious user flooding enough traffic to a target machine, that it renders the target incapable of keeping up with the volume of requests it is receiving. When the malicious user uses a large number of machines to flood traffic to a single target machine, this is generally known as a distributed denial of service (DDoS) attack. These types of attacks are generally beyond the scope of what an application developer can prevent within their own code. This type of “battle of the network pipes” is best mitigated via network architecture solutions.

There are, however, types of vulnerabilities within applications that can allow a malicious user to make certain functionality or sometimes the entire website unavailable. These problems are caused by bugs in the application, often resulting from malicious or unexpected user input. This section will focus on application layer attacks against availability that can be launched by just one malicious user on a single machine.

These are the DoS tests covered in this section:

  1. DoS Testing: Locking Customer Accounts
  2. DoS Testing: Buffer Overflows
  3. DoS Testing: User Specified Object Allocation
  4. DoS Testing: User Input as a Loop Counter
  5. DoS Testing: Writing User Provided Data to Disk
  6. DoS Testing: Failure to Release Resources
  7. DoS Testing: Storing too Much Data in Session
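To make the kind of application-layer bug these tests look for concrete, here is an added example that is not part of the OWASP guide: a hypothetical report handler that uses a client-supplied `rows` value as both a loop counter and an allocation size (items 3 and 4 above), beside a hardened version that validates and caps it, plus a small check a tester can run against either handler. `MAX_ROWS`, `Row` and the `rows` parameter are assumptions for the illustration.

```python
"""Application-layer DoS: user input used as a loop counter / allocation size.

Added example, not OWASP's code. The handler names, the `rows` parameter
and MAX_ROWS are assumptions made for the illustration.
"""
from dataclasses import dataclass

MAX_ROWS = 1000  # assumed server-side ceiling for a single report


@dataclass
class Row:
    index: int
    payload: bytes


def build_report_vulnerable(params: dict) -> list:
    """Before: trusts the client-supplied count directly.

    A single request with a huge `rows` value makes the server loop and
    allocate until CPU or memory is exhausted; no flood of traffic needed.
    """
    rows = int(params.get("rows", "10"))
    return [Row(i, b"x" * 64) for i in range(rows)]


def build_report_hardened(params: dict) -> list:
    """After: parse strictly, then enforce a server-side ceiling."""
    raw = params.get("rows", "10")
    if not raw.isdigit():  # rejects '', '-1', '1e9' and other non-integers
        raise ValueError("rows must be a non-negative integer")
    rows = int(raw)
    if rows > MAX_ROWS:
        raise ValueError(f"rows exceeds the maximum of {MAX_ROWS}")
    return [Row(i, b"x" * 64) for i in range(rows)]


def allocation_is_bounded(handler, params: dict, limit: int = MAX_ROWS) -> bool:
    """Tester's check: does the handler refuse or cap work above `limit`?

    Returns True when the handler rejects the input or returns at most
    `limit` rows, False when it allocates whatever the client asked for.
    """
    try:
        return len(handler(params)) <= limit
    except ValueError:
        return True
```

Run the check with a moderately large value rather than an enormous one; the point is to observe whether the limit is enforced, not to exhaust the test host.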

OWASP Testing Guide v2 Table of Contents

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.