OWASP: Denial of Service HTTP GET / POST Attack tool for Windows


This tool allows you to test your web applications to test availability concerns from Layer7 DoS HTTP GET and HTTP POST denial of service attacks.

Slow HTTP attack was covered in the OWASP AppSec DC presentation by Wong Onn Chee and Tom Brennan. In this attack type a client completes the request headers phase however it sends the request body (post payload) very slowly (e.g. – 1 byte/110sec). When you consider that, by default, Apache will accept a request body of up to 2GB in size, you can can see how effective this attack can be.

Leave a Reply

Your email address will not be published. Required fields are marked *