DENIAL OF SERVICE TESTING

1. Testing for SQL Wildcard_Attacks
2. D Locking Customer Accounts
In this test we check whether an attacker can lock valid user accounts by repeatedly attempting to log in with a wrong password.
when we try to login by exist account and wrong password or  by not exist account and wrong password we get the following error message:


when we try to register by the axist account we get the following error message:

3. Buffer Overflows
4. User Specified Object Allocation
In this test we check whether it is possible to exhaust server resources by making it allocate a very high number of objects.

Our targets can not be attacked using this method:
 
5. User Input as a Loop Counter
6. Writing User Provided Data to Disk
With this test, we check that it is not possible to cause a DoS condition by filling the target disks with log data
7. Failure to Release Resources
With this test, we check that the application properly releases resources (files and/or memory) after they have been used.
8. Storing too Much Data in Session
In this test, we check whether it is possible to allocate big amounts of data into a user session object in order to make the server exhaust its memory resources.

Comments

Post a Comment

Popular posts from this blog

Grabbing Proxy With Selenium and Python

Image
Selenium is automated browser that can be controlled by script. Selenium support for many programming language like Java, csharp, python, ruby, php, perl, and javascript. This simple script for grabbing proxy list from freeproxylist.net website created with python. 1. Install python selenium        # apt-get install python-pip        # pip install selenium 2. Download browser driver     Chrome : https://sites.google.com/a/chromium.org/chromedriver/downloads Edge : https://developer.microsoft.com/en-us/microsoft-edge/tools/webdriver/ Firefox : https://github.com/mozilla/geckodriver/releases Safari : https://webkit.org/blog/6900/webdriver-support-in-safari-10/ Chose favorite browser you want. 3.  Run this script import os from selenium import webdriver from bs4 import BeautifulSoup from selenium.webdriver.common.keys import Keys chromedriver = "./chromedriver" # replace with your browser driver os.environ["webdriver.chrome.driver"] = chromed
Read more

Authorization Testing

Image
1. Testing for Path Traversal First, we test if it is possible to find a way to execute a path traversal attack and access reserved information About input vector: 2. Testing for bypassing authorization schema This kind of test focuses on verifying how the authorization schema has been implemented for each role/privilege to get access to reserved functions/resources. 3. Testing for Privilege Escalation During this phase, the tester should verify that it is not possible for a user to modify his or her privileges/roles inside the application in ways that could allow privilege escalation attacks.
Read more

Bypass HTML Field Restrictions

This time I learn about Bypass HTML Field Restrictions. I bypass the html form . In order to pass this lesson , I must submit the form with each field containing the value of unallowed . I have to submit an invalid value for all six fields in one delivery form provided . that is : select field which has two choices , radio button which has two choices , input field which retricted to 5 character, and disableinput field with a form that can not be filled . And this some way that I have tried to bypass it : First I submibt that form as usual and I did not find any change Then I tried to intercept request by webscarab, I change values that not provided there. but I not find any changes too. I studied again after it there are only 5 fields in the request when the procedure mentioned there are 6 fields . then I add a new field that is itself disableinput field , the parameter I get from the source web page . but I not find
Read more