Security Testing Denial of Service - Security Testing

What is Security Testing - Denial of Service?

A Denial of Service (DoS) attack is an attempt by hackers to make a network resource unavailable. It interrupts, temporarily or indefinitely, a host that is connected to the internet. These attacks typically target services hosted on mission-critical web servers, such as those of banks and credit card payment gateways.

Symptoms of DoS

  • Unusually slow network performance.
  • Unavailability of a particular web site.
  • Inability to access any web site.
  • A dramatic increase in the number of spam emails received.
  • Long-term denial of access to the web or to any internet service.

Hands On

1. First, launch WebGoat and navigate to the 'Denial of Service' section. The screenshot of this scenario is displayed below. We need to log in multiple times there, exceeding the maximum DB thread pool size.

[Screenshot: Security Testing Denial of Service]

2. Now we need to get the list of valid logins. We will use SQL Injection in this case.

[Screenshot: Security Testing Denial of Service]

3. If the attempt is fruitful, it will display all valid credentials to the user.

[Screenshot: Security Testing Denial of Service]

4. Now we must log in with each one of these users in at least 3 different sessions to make the DoS attack successful.

As we are aware, the DB connection pool can handle only 2 threads; logging in with all of these users occupies 3 threads, which exhausts the pool and makes the attack successful.

[Screenshot: Security Testing Denial of Service]

Prevention Mechanisms

  • We need to perform thorough input validation. It is better to plan for the worst-case negative scenarios.
  • We need to avoid highly CPU-consuming operations.
  • It is good to keep separate data disks from system disks.
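The mechanism behind the hands-on steps (each login session holds one of only 2 pooled DB connections, so once 3 sessions are open every further request blocks) and the resource limits a defender would add under the prevention mechanisms are shown in the following added Python example. It is constructed for this page and is not WebGoat's code; the class names `NaivePool` and `HardenedPool`, the helper `open_sessions`, the user names, the 1-session-per-user cap and the timeouts are all assumptions chosen for illustration.

```python
"""Connection-pool exhaustion, as in the WebGoat lesson, beside a hardened pool.

Constructed example (not WebGoat's code): a fixed-size pool of 2 connections,
sessions that hold a connection for their whole lifetime, and the two limits a
defender adds: a bounded wait for a connection and a per-user concurrency cap.
"""
import threading
from collections import Counter

POOL_SIZE = 2  # matches the lesson: the DB pool can handle only 2 threads


class PoolExhausted(Exception):
    """Raised when no connection becomes free within the allowed wait."""


class TooManySessions(Exception):
    """Raised when one user already holds its maximum number of connections."""


class NaivePool:
    """Vulnerable pattern: callers wait forever for a free connection."""

    def __init__(self, size=POOL_SIZE):
        self._free = threading.Semaphore(size)

    def acquire(self, user):
        self._free.acquire()  # blocks indefinitely while the pool is empty
        return user

    def release(self, conn):
        self._free.release()


class HardenedPool:
    """Hardened pattern: bounded wait plus a per-user concurrent-session cap.

    wait_seconds and per_user_max are assumed values for this example.
    """

    def __init__(self, size=POOL_SIZE, wait_seconds=0.05, per_user_max=1):
        self._free = threading.Semaphore(size)
        self._wait = wait_seconds
        self._per_user_max = per_user_max
        self._held = Counter()  # connections currently held, per user
        self._lock = threading.Lock()

    def acquire(self, user):
        with self._lock:  # check-and-increment must be atomic
            if self._held[user] >= self._per_user_max:
                raise TooManySessions(user)
            self._held[user] += 1
        if not self._free.acquire(timeout=self._wait):
            with self._lock:
                self._held[user] -= 1
            raise PoolExhausted(user)  # fail fast instead of hanging
        return user

    def release(self, conn):
        with self._lock:
            self._held[conn] -= 1
        self._free.release()


def open_sessions(pool, logins, per_user_sessions, stuck_after=0.2):
    """Open per_user_sessions sessions for every login, never releasing them.

    Returns counts of attempts that got a connection ("held"), were refused
    outright ("rejected"), or were still blocked after stuck_after seconds
    ("stuck"). A non-zero "stuck" count is the denial of service.
    """
    result = {"held": 0, "rejected": 0, "stuck": 0}
    lock = threading.Lock()
    threads = []

    def attempt(user):
        try:
            pool.acquire(user)
            with lock:
                result["held"] += 1
        except (PoolExhausted, TooManySessions):
            with lock:
                result["rejected"] += 1

    for user in logins:
        for _ in range(per_user_sessions):
            t = threading.Thread(target=attempt, args=(user,), daemon=True)
            t.start()
            threads.append(t)
    for t in threads:
        t.join(timeout=stuck_after)
        if t.is_alive():  # still waiting on the semaphore: a hung request
            result["stuck"] += 1
    return result


if __name__ == "__main__":
    users = ["alice", "bob", "carol"]  # constructed logins, 3 sessions each
    print("naive   :", open_sessions(NaivePool(), users, 3))
    print("hardened:", open_sessions(HardenedPool(), users, 3))
```

With the naive pool, 2 sessions take the 2 connections and the other 7 requests hang, which is exactly the exhaustion the lesson demonstrates. With the hardened pool the per-user cap refuses the second and third session of each user immediately, and the one user who finds the pool full gets a `PoolExhausted` error after a short bounded wait instead of a request that never returns; the service stays responsive and the refusals are visible in logs, which is what a defender wants to monitor.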

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd
