OWASP Automated Threats

Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS).

What is Denial of Service?

Usage may resemble legitimate application usage but leads to exhaustion of resources such as file system, memory, processes, threads, CPU, and human or financial resources. The resources might be related to web, application or databases servers or other services supporting the application, such as third-party APIs, included third-party hosted content, or content delivery networks (CDNs). The application may be affected as a whole, or the attack may be against individual users such as account lockout.

This ontology’s scope excludes other forms of denial of service that affect web applications, namely HTTP Flood DoS (GET, POST, Header with/without TLS), HTTP Slow DoS, IP layer 3 DoS, and TCP layer 4 DoS. Those protocol and lower layer aspects are covered adequately in other taxonomies and lists

Denial of Service is also known by terms such as account lockout, App layer DDoS, asymmetric resource consumption (amplification), Business logic DDoS, cash overflow, forced deadlock, hash DoS, inefficient code, indexer DoS, large files DoS, resource depletion, locking or exhaustion and sustained client engagement.


The symptoms of Denial of Service

  • 1
    Spikes in CPU, memory and network utilization
  • 2
    Unavailability of part or all of the application
  • 3
    Rise in user account lockouts
  • 3
    Rise is complaints about poor performance
  • 4
    Reduced website performance and service degradation


Sectors targeted by Denial of Service

  • Entertainment
  • Financial
  • Government
  • Retail
  • Technology
  • Social Networking


Can InfiSecure prevent Denial of Service?

InfiSecure’s bot protection service can protect websites from bad bot abuses that try to take a website down.