AppSec Blog: Category - DoS

Taming the Beast - The Floating Point DoS Vulnerability

Originally posted as Taming the Beast

The recent multi-language numerical parsing DoS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001. This is a significant bug in (at least) PHP and Java. Similar issues have affected Ruby in the past. This bug has left a number of servers, web frameworks and custom web applications vulnerable to easily exploitable Denial of Service.

Oracle has


DoS Attack After Action Report - Shell Scripts

In my DDoS after action report, I mention that it is helpful to have a couple of simple shell scripts around to analyze your logs while under stress. I got some requests for these scripts, so here they are.