A Denial of Service (DoS) attack is an attempt by attackers to make a network resource unavailable. It usually interrupts, temporarily or indefinitely, the services of a host connected to the internet. These attacks typically target services hosted on mission-critical web servers, such as those of banks and credit card payment gateways.
Step 1 − Launch WebGoat and navigate to the 'Denial of Service' section. The snapshot of the scenario is given below. We need to log in multiple times so that the maximum size of the DB thread pool is exceeded.
Step 2 − First we need to obtain the list of valid logins. In this lesson, SQL Injection is used for that.
Step 3 − If the attempt is successful, all valid credentials are displayed to the user.
Step 4 − Now log in as each of these users in at least 3 different sessions for the DoS attack to succeed. Since the DB connection pool can handle only two threads, using all the logins creates three threads, which exhausts the pool and makes the attack successful.
Perform thorough input validation.
Avoid highly CPU-consuming operations.
It is better to separate data disks from system disks.
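As an added example, not code from this tutorial or from WebGoat, the following Python service shows how the two weaknesses that the lesson chains together (Steps 2 to 4) can be closed, and puts the "thorough input validation" advice above into practice. The credential lookup is parameterized, so login input cannot be turned into a query that lists the user table; database connections come from a fixed-size pool (two connections, as in the lesson) with a short wait limit and a per-user session cap, so a handful of logins cannot hold every connection and stall every other request. The user table, the temporary SQLite database, the sample accounts, and all class and function names are constructed for this example.

```python
import hashlib
import os
import queue
import sqlite3
import tempfile
from contextlib import contextmanager

# Constructed for this example: a throwaway SQLite file plays the role of the lesson's database.
_fd, DB_PATH = tempfile.mkstemp(prefix="dos_example_", suffix=".db")
os.close(_fd)
POOL_SIZE = 2              # as in the lesson, only two DB connections exist
POOL_WAIT_SECONDS = 0.2    # a request waits this long for a free connection, then gives up
MAX_SESSIONS_PER_USER = 2  # cap on concurrent sessions per account


def hash_password(password: str) -> str:
    # Stand-in for the example only; use a real password hash (bcrypt, argon2) in production.
    return hashlib.sha256(password.encode()).hexdigest()


class PoolExhausted(Exception):
    """No connection became free within POOL_WAIT_SECONDS."""


class ConnectionPool:
    """Fixed-size pool that fails fast instead of letting requests pile up behind it."""

    def __init__(self, size: int, wait_seconds: float) -> None:
        self.wait_seconds = wait_seconds
        self._free: "queue.Queue[sqlite3.Connection]" = queue.Queue()
        for _ in range(size):
            self._free.put(sqlite3.connect(DB_PATH, check_same_thread=False))

    def checkout(self) -> sqlite3.Connection:
        try:
            return self._free.get(timeout=self.wait_seconds)
        except queue.Empty:
            raise PoolExhausted("database busy, try again later") from None

    def checkin(self, conn: sqlite3.Connection) -> None:
        self._free.put(conn)

    @contextmanager
    def acquire(self):
        conn = self.checkout()
        try:
            yield conn
        finally:
            self.checkin(conn)  # always returned, even if the query raises


def seed_users(pool: ConnectionPool, users: dict) -> None:
    """Create the users table and load the constructed sample accounts."""
    with pool.acquire() as conn:
        conn.execute("CREATE TABLE IF NOT EXISTS users (username TEXT PRIMARY KEY, password_hash TEXT)")
        conn.executemany("INSERT OR REPLACE INTO users VALUES (?, ?)",
                         [(u, hash_password(p)) for u, p in users.items()])
        conn.commit()


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The pattern the lesson's Step 2 exploits: user input spliced into the SQL text."""
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the driver binds the value, so quotes in it stay data."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


class LoginService:
    """Holds a connection only for the duration of a query, never for a whole session."""

    def __init__(self, pool: ConnectionPool) -> None:
        self.pool = pool
        self.sessions: dict = {}  # username -> number of open sessions

    def login(self, username: str, password: str) -> str:
        if self.sessions.get(username, 0) >= MAX_SESSIONS_PER_USER:
            return "too many sessions"  # refused before touching the pool
        try:
            with self.pool.acquire() as conn:
                row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                                   (username,)).fetchone()
        except PoolExhausted:
            return "busy"  # fail fast; the serving thread is not left waiting
        if row is None or row[0] != hash_password(password):
            return "denied"
        self.sessions[username] = self.sessions.get(username, 0) + 1
        return "ok"

    def logout(self, username: str) -> None:
        if self.sessions.get(username, 0) > 0:
            self.sessions[username] -= 1


if __name__ == "__main__":
    pool = ConnectionPool(POOL_SIZE, POOL_WAIT_SECONDS)
    seed_users(pool, {"alice": "alice-pass", "bob": "bob-pass"})  # constructed accounts
    svc = LoginService(pool)
    print(svc.login("alice", "alice-pass"), svc.login("alice", "alice-pass"),
          svc.login("alice", "alice-pass"))
    held = [pool.checkout() for _ in range(POOL_SIZE)]  # simulate every connection being busy
    print(svc.login("bob", "bob-pass"))
    for conn in held:
        pool.checkin(conn)
    print(svc.login("bob", "bob-pass"))
```

The design point is the split between session state and database connections: the lesson's pool is exhausted because each extra login pins a connection, whereas here a login borrows a connection only for the one lookup and returns it. When the pool really is full, the wait limit turns an indefinite hang into a quick "busy" response that can be logged and rate-limited, and the per-user cap stops a single account from being used to open an unbounded number of sessions in the first place.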