Denial of Service tests (DoS)
Providing services over the Internet and web technologies is today a substantial part of business for many companies (e.g. banks, e-commerce). Attackers know this too and, in a competitive struggle, try to harm operators by disabling their services. How ready are you for this?
Goal of the test
The purpose of the test is to verify how well your services resist attacks designed to deny access to them through excessive load. The target of the attack (and therefore of the tests) can be any of a variety of services provided to customers, usually web applications or e-mail, or infrastructure components (routers, DNS).
For operators, the most critical asset is usually a web application that presents or carries the company's main business. The target is therefore most often the web server's services, or the path that leads to it (routers, firewall, line).
The test progress
The test can be carried out at a time of your choosing, which prevents availability problems for regular visitors or customers. Tests are also usually run as short probes; a global, long-term outage of your services is not necessary.
Test possibilities
Packet flooding (TCP SYN flood, UDP flood)
HTTP(S) flooding (number of connections)
Congestion by specific requests that require non-trivial processing on the server side
Optional tests
E-mail DoS
DNS DoS
Possible extensions
Creating an emergency scenario for the case of a DoS attack and service failure
Benefits for you
Information about the loads your infrastructure is ready for
Identification of vulnerable components
Designing countermeasures
The greatest benefit is achieved together with a web application penetration test, which can detect vulnerabilities that could be used in a DoS attack.