Denial Of Service Overview

DoS or Denial Of Service vulnerabilities will occur if there is some type of bottleneck within the software application. This could cause excessive cpu usage, memory leaks, disk i/o, slow or long ldap searches, database calls or large join operations. A Denial of Service attack could bring down an entire system to its knees. Additionally you will typically see strange and weird errors occurring when a system is under a stress or performance test situation.

There are not many ways to actually test for Denial of Service vulnerabilities. Stress testing, especially in critical application component area’s is vital to a software applications success. Typically code analysis can help in identifying potential slower area’s of code. But even this can be missed. A good strategy for a system test in both stress testing and performance testing is the best approach. All critical area’s and common application component area’s should be stress and performance tested.

Don’t rely on the firewall to block out Denial of Service attempts. Especially in todays world where typical firewalls leave port 80 open and allow traffic to hit the back end web applications. The software application should be robust enough to withstand an application layer Denial of Service attempt.