AppSec Blog: Category - DoS

AppSec Blog:
28 Feb 2011

Taming the Beast - The Floating Point DoS Vulnerability

0 comments Posted by jmanico
Filed under DoS, java, php

Originally posted as Taming the Beast

The recent multi-language numerical parsing DOS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001.This is a significant bug in (at least) PHP and Java. Similar issues have effected Ruby in the past. This bug has left a number of servers, web frameworks and custom web applications vulnerable to easily exploitable Denial of Service.

Oracle has

...
Keep reading...

Tags: java, php, vulnerability
06 Jan 2010

DoS Attack After Action Report - Shell Scripts

0 comments Posted by Johannes Ullrich
Filed under defense, DoS

In my DDoS after action report, I am mentioning that it is helpful to have a couple simple shell scripts around to analyze your logs while under stress. I got some requests for these scripts, so here they are.

Keep reading...

Tags: bash, DoS, scripting, shell
RSS

Search Blog:

Categories

Recent Posts

Recent Comments

Popular Posts

Archives

Links

Latest Blog Posts

Security Testing: Less, but More Often can make a Big Difference
January 14, 2013 - 6:42 PM

Ask the Expert - Jim Manico
November 26, 2012 - 5:38 PM

Ask the Expert - Dan Cornell
November 05, 2012 - 8:48 PM

View More »

Latest Tweets @sansappsec

Starts in 15 min: Webcast on "Java Web Security by Example" [...]
February 19, 2013 - 5:45 PM

Starts in 1 hour: Webcast on "Java Web Security by Example" [...]
February 19, 2013 - 5:00 PM

Free webcast tomorrow: "Java Web Security by Example". Sign [...]
February 18, 2013 - 5:05 PM

Latest Papers

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Endpoint Security through Application Streaming
By Adam Walter

Auditing ASP.NET applications for PCI DSS compliance
By Christian Moldes

View More »

"Great course. Very valuable information that I can apply to my job immediately. Thank you!"
- Jeffrey Flagg, Command Information

"Wow, I had no idea, and I've been doing this for close to a decade."
- Michael Knopf, Abacus Technology

"Great overview of different types of attacks and how to mitigate them."
- Tim Sargent, Kinecta Federal Credit Union