[OWASP-TESTING] Application DoS Section

Eoin Keary eoinkeary at hotmail.com
Fri Sep 2 10:58:37 EDT 2005

Point taken. Thought solutions were in scope also, but this is a testing 
guide. (Silly me)

Would removal/corruption/encryption of the authentication table in a DB, say 
the "users" table, be considered an App DoS? (So SQL inject a Delete 


>From: "Shields, Larry" <Larry.Shields at FMR.COM>
>To: "Eoin Keary" <eoinkeary at hotmail.com>,  
><owasp-testing at lists.sourceforge.net>
>Subject: RE: [OWASP-TESTING] Application DoS Section
>Date: Fri, 2 Sep 2005 09:50:31 -0400
>	But we're not trying to provide the solutions in this doc, just
>show how to test it and find the problems white/black box.  Limiting
>memory usage is good, but you can still starve the JVM, which DoSes the
>application, just not the whole box... Right?
>-----Original Message-----
>From: Eoin Keary [mailto:eoinkeary at hotmail.com]
>Sent: Friday, September 02, 2005 9:35 AM
>To: Shields, Larry; owasp-testing at lists.sourceforge.net
>Subject: RE: [OWASP-TESTING] Application DoS Section
>Hi Larry,
>Regarding the Java example and memory usage:
>If the Java virtual machine (JVM) uses switches as follows, this will limit
>the memory usage:
>-Xmx10m sets the maximum heap size in megabytes (10MB in this example)
>-Xoss300k sets the maximum stack size in 1024 chunks
>-Xss64k sets the max native stack size for any thread in multiples of 1024.
>These can all be seen by typing "Java -X" at cmd line.
>Just thought you would like to know.
> >From: "Shields, Larry" <Larry.Shields at FMR.COM>
> >To: <owasp-testing at lists.sourceforge.net>
> >Subject: [OWASP-TESTING] Application DoS Section
> >Date: Fri, 2 Sep 2005 09:00:28 -0400
> >
> >Here's my draft on this section
> >
> >  <<Application Layer Denial of Service.doc>>
> >
> >-Larry Shields, CISSP
> >
> >
> ><< ApplicationLayerDenialofService.doc >>
