Saturday, January 24, 2009

White Paper

Application DoS attacks exploit flaws in the bespoke application design and implementation to
prevent legitimate access to the victim’s services. They represent a subset of potential attacks
on such applications, as they are aimed specifically at disrupting operation rather than
subverting the application controls.
Attacks based on exploiting these flaws can offer the attacker a number of advantages over
traditional DoS attacks:
• The attacks will typically not be detectable or preventable by existing security
monitoring solutions – The attacks do not consume an unreasonable amount of
bandwidth and could, in many cases, be indistinguishable from normal traffic.
• Application attacks are more efficient – The attacker may not need as much resource at
their disposal to successfully complete the attack. Application level attacks target
bottlenecks and resource limitations within the application and do not require many
compromised “zombie” systems or a large amount of bandwidth. Furthermore, they
can be targeted at the weakest link in an environment – for example, if a web-farm of a
hundred servers relies on a single back-office host to authenticate users, an application
attack may be able to directly target it.
• Application attacks are harder to trace – Application level attacks normally use HTTP or
HTTPS as their transport. Proxy servers can therefore be used to obfuscate the true
origin of the attacker, and many are available through which an attacker can redirect
malicious traffic. Many of these proxy servers do not keep logs of connection attempts and
could therefore successfully hide the true origin of the attacking host.
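
The three points above suggest what a defender should measure instead of bandwidth or per-source request rate: how much backend time each endpoint consumes. The following is an added example, not part of the white paper; the log format, the sample lines, the thresholds and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample access log (not from the white paper).
# Fields: epoch_seconds client_ip path response_bytes backend_ms
SAMPLE_LOG = """\
1000 198.51.100.7 /index.html 48000 12
1000 203.0.113.10 /login 900 850
1001 203.0.113.11 /login 900 910
1001 198.51.100.8 /images/logo.png 120000 5
1002 203.0.113.12 /login 900 1200
1002 198.51.100.9 /index.html 48000 11
1003 203.0.113.13 /login 900 1400
1003 203.0.113.14 /login 900 1650
1004 198.51.100.7 /products 30000 40
"""


def endpoint_load(log_text):
    """Aggregate requests, bytes, backend time and distinct clients per path."""
    stats = defaultdict(
        lambda: {"requests": 0, "bytes": 0, "backend_ms": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of aborting the run
        _, ip, path, nbytes, ms = parts
        if not (nbytes.isdigit() and ms.isdigit()):
            continue  # non-numeric size or timing field
        entry = stats[path]
        entry["requests"] += 1
        entry["bytes"] += int(nbytes)
        entry["backend_ms"] += int(ms)
        entry["clients"].add(ip)
    return dict(stats)


def flag_bottlenecks(stats, min_time_share=0.5, max_byte_share=0.1):
    """Return paths that dominate backend time while using little bandwidth."""
    total_ms = sum(s["backend_ms"] for s in stats.values())
    total_bytes = sum(s["bytes"] for s in stats.values())
    if total_ms == 0:
        return []
    flagged = []
    for path, s in stats.items():
        time_share = s["backend_ms"] / total_ms
        byte_share = s["bytes"] / total_bytes if total_bytes else 0.0
        if time_share >= min_time_share and byte_share <= max_byte_share:
            flagged.append(path)
    return sorted(flagged)
```

On the sample lines, `/login` accounts for under 2% of the bytes served and each client sends a single request, yet it consumes almost all of the backend time, so it is the only path flagged.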
