+ All Categories

Home > Software > Application-level Denial of Service

Application-level Denial of Service

Date post:	22-Jan-2017
Category:	Software
Upload:	vladimir-garbuz
View:	98 times
Download:	0 times

Download Report this document

Share this document with a friend

Embed Size (px):

21

Vladimir Garbuz FILLING THE VOID: Application-level DoS

Transcript

Page 1: Application-level Denial of Service

Vladimir Garbuz

FILLING THE VOID:Application-level DoS

Page 2: Application-level Denial of Service

fear the XML: billion laughs

Page 3: Application-level Denial of Service

fear the XML: oversized XXE

Page 4: Application-level Denial of Service

fear the XML: soap arrays

Page 5: Application-level Denial of Service

fear the XML: too much to handle

Page 6: Application-level Denial of Service

fear the XML: large soap for DOM parsers

Page 7: Application-level Denial of Service

fear the XML: xslt processing

Page 8: Application-level Denial of Service

fear the XML: signatures - many, xslt

Page 9: Application-level Denial of Service

fear the XML: signatures – RetrievalMethod

Page 10: Application-level Denial of Service

fear the XML: signatures/encryption reference

Page 11: Application-level Denial of Service

fear the XML: nested encryption

Page 12: Application-level Denial of Service

processing oversized data

Page 13: Application-level Denial of Service

REDoS – catastrophic backtracking

Page 14: Application-level Denial of Service

complex operations – look-alike, globbing, etc

Page 15: Application-level Denial of Service

logic fuckups – multiple sorting, grouping, etc

Page 16: Application-level Denial of Service

zero-bytes in input

Page 17: Application-level Denial of Service

unpacking: recursion

Page 18: Application-level Denial of Service

unpacking: large low-entropy data

Page 19: Application-level Denial of Service

heavy functionality invokation

Page 20: Application-level Denial of Service

slow HTTP

Page 21: Application-level Denial of Service

Questions and Discussion

Recommended

Denial-of-Service (DoS) & Web Attackscs161/sp11/slides/2.17.dos-web.pdf · Transport-Level Denial-of-Service •Recall TCP’s 3-way connection establishment handshake –Goal: agree

GEORGIA WIC PROGRAM APPLICATION FOR VENDOR … · application may result in denial of the application or termination of the vendor agreement. Check (√) one A. New Application Re-Authorization

Application Level Protocols

2013 ERA & DENIAL MANAGER - Practice Insight ERA Document Final.pdf · The ERA Denial Manager is built with workflow in mind. This application as well as the Task Manager application

Denial Libinskind

Efficient Denial of Service Attacks on Web Application Platforms · 2016-11-23 · Efficient Denial of Service Attacks on Web Application Platforms Alexander “alech” Klink n.runs

FAMILY LAW CAN - cans.allardlss.comcans.allardlss.com/application/media/cans/Huang_68_Fall_2014_N...Class’12:’Family’Breakdown: ... Remedies"for"Denial"or"Frustrationof"Access

PUBLIC NOTICE Board.pdfNEW LICENSE APPLICATION DENIAL HEARINGS 10:00A.M. 6. NEW APPLICATION DENIAL HEARING (Continued from July 23, 2015) – For Possible Action: A R B H LLC Alan

The Joint Confidence Level Paradox, A History of Denial

Efficient Denial of Service Attacks on Web Application ...events.ccc.de/.../2007...web_application_platforms.pdfEfficient Denial of Service Attacks on Web Application Platforms Alexander

Temporal Lensing and its Application in Pulsing Denial-of-Service ...

Denial Of Service Attacksgabriel/files/DDOSFIST2004.pdfOctober’ 2004 by [email protected] Denial Of service attacks 6 Denial Of service attacks III Definitions: Denial Of Service (DOS)

A Better Measure of Mortgage Application Denial Rates...All denied applications come from the LCP pool, so the real denial rate (RDR) for LCP applications is 245,594 divided by 625,323,

Application Denial of Service - Quotium...Denial of Service attacks are not new and have been around before the days of the internet. DoS attacks were recorded in telephony days, utilizing

Application (Trustee Level)

P2P. Application-level overlays Focus at the application level.

Fiance Visa Application Denial because of DOMA (August 10, 2005)