[OWASP-TESTING] Application DoS Section

Eoin Keary eoinkeary at hotmail.com
Fri Sep 2 10:58:37 EDT 2005


Point taken. Thought solutions were in scope also, but this is a testing 
guide. (Silly me)

Would removal/corruption/encryption of the authentication table in a DB, say 
the "users" table, be considered an App DoS? (So SQL inject a Delete 
command).

Eoin






>From: "Shields, Larry" <Larry.Shields at FMR.COM>
>To: "Eoin Keary" <eoinkeary at hotmail.com>,  
><owasp-testing at lists.sourceforge.net>
>Subject: RE: [OWASP-TESTING] Application DoS Section
>Date: Fri, 2 Sep 2005 09:50:31 -0400
>
>	But we're not trying to provide the solutions in this doc, just
>show how to test it and find the problems white/black box.  Limiting
>memory usage is good, but you can still starve the JVM, which DoSes the
>application, just not the whole box... Right?
>
>-Larry
>
>-----Original Message-----
>From: Eoin Keary [mailto:eoinkeary at hotmail.com]
>Sent: Friday, September 02, 2005 9:35 AM
>To: Shields, Larry; owasp-testing at lists.sourceforge.net
>Subject: RE: [OWASP-TESTING] Application DoS Section
>
>Hi Larry,
>regarding the Java example and memory usage,
>
>If the Java virtual machine (JVM) uses switches as follows, this will limit
>the memory usage:
>
>-Xmx10m sets the maximum heap size in megabytes (10MB in this example)
>-Xoss300k sets the maximum stack size in 1024 chunks
>-Xss64k sets the max native stack size for any thread in multiples of 1024.
>
>These can all be seen by typing "Java -X" at cmd line
>
>Just thought you would like to know.
>
> >From: "Shields, Larry" <Larry.Shields at FMR.COM>
> >To: <owasp-testing at lists.sourceforge.net>
> >Subject: [OWASP-TESTING] Application DoS Section
> >Date: Fri, 2 Sep 2005 09:00:28 -0400
> >
> >Here's my draft on this section
> >
> >  <<Application Layer Denial of Service.doc>>
> >
> >-Larry Shields, CISSP
> >
> >
>
>

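Added example, not part of the original thread or of the OWASP draft: a small Java harness for the point made in the quoted reply, that capping the heap with -Xmx10m keeps the damage inside the JVM while a handler that retains per-request state can still exhaust that heap. The class name, constants and the eviction cap are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not from the thread. Class, method and constant names are hypothetical.
// Compile and run with the heap cap quoted in the thread:
//   javac HeapCapDemo.java && java -Xmx10m HeapCapDemo
public class HeapCapDemo {
    static final int CHUNK_BYTES = 256 * 1024; // constructed per-request state size
    static final int REQUESTS = 200;           // constructed request count (about 50 MB in total)
    static final int MAX_RETAINED = 8;         // assumed application-level cap on retained state

    // Simulates a handler that keeps per-request state. With cap <= 0 nothing is evicted.
    // Returns the number of requests served before the heap ran out.
    static int serve(int cap) {
        List<byte[]> retained = new ArrayList<>();
        int served = 0;
        try {
            for (int i = 0; i < REQUESTS; i++) {
                if (cap > 0 && retained.size() >= cap) {
                    retained.remove(0); // evict the oldest entry so the live set stays bounded
                }
                retained.add(new byte[CHUNK_BYTES]);
                served++;
            }
        } catch (OutOfMemoryError e) {
            retained.clear(); // release the memory so the JVM can keep running and report
        }
        return served;
    }

    public static void main(String[] args) {
        long maxHeapKiB = Runtime.getRuntime().maxMemory() / 1024;
        System.out.println("max heap (KiB): " + maxHeapKiB);

        int unbounded = serve(0);
        System.out.println("unbounded handler served " + unbounded + "/" + REQUESTS
                + (unbounded < REQUESTS ? " -> heap exhausted inside the JVM" : ""));

        int bounded = serve(MAX_RETAINED);
        System.out.println("bounded handler served " + bounded + "/" + REQUESTS);
    }
}
```

Running the same class without -Xmx10m gives a baseline for comparison, since the default heap is normally large enough for both handlers to serve every request.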