Tuesday, 30 July 2013

OWASP HTTP GET/POST DOS Attack Tool


This tool allows you to test your web applications to test availability concerns from Layer7 DoS HTTP GET and HTTP POST denial of service attacks.

Slow HTTP attack was covered in the OWASP AppSec DC presentation by Wong Onn Chee and Tom Brennan. In this attack type a client completes the request headers phase however it sends the request body (post payload) very slowly (e.g. - 1 byte/110sec).  When you consider that, by default, Apache will accept a request body of up to 2GB in size, you can can see how effective this attack can be.


Download Here
NOTE:At the moment, its available for windows platform only.