Database DoS Whitepaper from Securosis

Securosis has released a whitepaper on their research into database denial-of-service attacks. The whitepaper is platform agnostic. It does mention specific vulnerabilities that have been exposed and attacked on particular database platforms, but only to the extent that they show it’s a universal problem.

Among the things the whitepaper covers are some potential ideas for attacks. For instance: add a few thousand items to a shopping cart, then add a few more items and refresh, in a repetitive cycle. Each refresh causes stock to be rechecked, meaning the DB is hit. With such a large shopping cart you get locking and blocking, and if you have enough clients, you can get the DB to stall, thereby bringing down the app. The whitepaper also considers some of the available countermeasures.
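To make the shopping-cart scenario concrete from the defender's side, here is an added example (not taken from the whitepaper or from this post) of an application-tier guard that caps cart size and reuses recent stock results so that refreshes stop translating one-for-one into DB queries. The class name, the limits, and the `stock_lookup` callable are assumptions made for illustration.

```python
import time

MAX_CART_LINES = 100   # assumed cap on distinct items per cart
STOCK_TTL = 5.0        # assumed seconds a stock result is reused before re-querying


class CartGuard:
    """Caps cart size and throttles the stock rechecks triggered by refreshes.

    Cached quantities are for display only; checkout must still verify
    stock inside its own transaction.
    """

    def __init__(self, stock_lookup, clock=time.monotonic):
        self._lookup = stock_lookup   # hypothetical callable(list of SKUs) -> {sku: qty}; the DB hit
        self._clock = clock
        self._carts = {}              # session_id -> set of SKUs
        self._stock = {}              # sku -> (checked_at, qty), shared by all sessions

    def cart_size(self, session_id):
        return len(self._carts.get(session_id, ()))

    def add_item(self, session_id, sku):
        cart = self._carts.setdefault(session_id, set())
        if sku not in cart and len(cart) >= MAX_CART_LINES:
            return False              # refuse to let the cart grow without bound
        cart.add(sku)
        return True

    def refresh(self, session_id):
        now = self._clock()
        cart = self._carts.get(session_id, set())
        # Only SKUs with no recent result reach the database.
        stale = sorted(s for s in cart
                       if s not in self._stock or now - self._stock[s][0] >= STOCK_TTL)
        if stale:
            fresh = self._lookup(stale)
            for sku in stale:
                self._stock[sku] = (now, fresh.get(sku, 0))
        return {s: self._stock[s][1] for s in cart}


if __name__ == "__main__":
    queries = []                      # constructed stand-in for the database
    guard = CartGuard(lambda skus: queries.append(skus) or {s: 10 for s in skus})
    for i in range(5000):             # constructed oversized cart
        guard.add_item("session-a", f"sku{i}")
    for _ in range(1000):             # constructed refresh loop
        guard.refresh("session-a")
    print(guard.cart_size("session-a"), "cart lines,", len(queries), "DB queries")
```

Because the stock cache is shared across sessions, many clients refreshing carts that contain the same items add at most one query per item per TTL window.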

All in all, it’s a high-level document that should prompt DB pros to think about how to protect the DB, especially if availability is important (when isn’t it?) and if unavailability costs the organization money.

 

Dealing with Database Denial of Service whitepaper
