[OWASP-TESTING] Application DoS Section

Shields, Larry Larry.Shields at FMR.COM
Fri Sep 2 09:50:31 EDT 2005

	But we're not trying to provide the solutions in this doc, just
show how to test it and find the problems white/black box.  Limiting
memory usage is good, but you can still starve the JVM, which DoSes the
application, just not the whole box... Right?


-----Original Message-----
From: Eoin Keary [mailto:eoinkeary at hotmail.com] 
Sent: Friday, September 02, 2005 9:35 AM
To: Shields, Larry; owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] Application DoS Section

Hi Larry,
regarding the Java example and memory usage,

If the Java virtual machine JVM uses switches as follows this will limit
the memory usage

-Xmx10m sets the maximum heap sixe in megabytes (10MB in this example)
-Xoss300k seys the maximum stack size in 1024 chunks -Xss64k sets the
max native stack size for any thread in multiples of 1024.

these can all be seen by typing "Java -X" at cmd line

Just thought you would like to know.

>From: "Shields, Larry" <Larry.Shields at FMR.COM>
>To: <owasp-testing at lists.sourceforge.net>
>Subject: [OWASP-TESTING] Application DoS Section
>Date: Fri, 2 Sep 2005 09:00:28 -0400
>Here's my draft on this section
>  <<Application Layer Denial of Service.doc>>
>-Larry Shields, CISSP

><< ApplicationLayerDenialofService.doc >>

Dating has never been easier - get FREE Match.com membership! 

More information about the Owasp-testing mailing list