SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Database DoS Whitepaper from Securosis

Securosis has released a whitepaper on their research with regards to database denial-of-service attacks. This whitepaper is platform agnostic. It does mention specific vulnerabilities that have been exposed and attacked with respect to database platform, but only to the extent that they show it's a universal problem.

One of the things the whitepaper covers are some potential ideas for attacks. For instance, adding a few thousand items to a shopping cart, then adding a few items and refreshing in a repetitive cycle. The refresh causes stock to be rechecked meaning the DB is hit. With such a large shopping cart you get locking and blocking and if you have enough clients, you can get the DB to stall, thereby bringing down the app. It also considers some of the available countermeasures.

All in all, it's a high level document that should prompt DB pros to think about how to protect the DB, especially if availability is important (when isn't) and if unavailability costs the organization money.


Dealing with Database Denial of Service whitepaper


K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.


No comments.

Leave a Comment

Please register or log in to leave a comment.