denial-of-service Questions

8

Solved

Currently I have the below code for reading an InputStream. I am storing the whole file into a StringBuilder variable and processing this string afterwards. public static String getContentFromInpu...
Amalberga asked 13/6, 2013 at 10:22

1

Solved

CVE-2021-33623 states that the following code (fixed in this commit, which includes test cases) has issues related to ReDoS: trimNewlines.end = string => string.replace(/[\r\n]+$/, ''); But why...
Tarragona asked 19/6, 2021 at 2:30

15

Solved

This question about zip bombs naturally led me to the Wikipedia page on the topic. The article mentions an example of a 45.1 kb zip file that decompresses to 1.3 exabytes. What are the principles/t...
Closed asked 22/9, 2009 at 12:4

5

Solved

I'm wondering how to stop an unresponsive thread in Java, such that it's really dead. First of all, I'm well aware of Thread.stop() being deprecated and why it should not be used; there are already...
Allophane asked 30/12, 2020 at 7:29

3

I am pretty sure that this error appeared only today and it never occurred before. When I create a new react app, the process found 1 high vulnerability: High: Denial of Service Package: http-pr...
Tallahassee asked 15/5, 2020 at 8:39

3

How to prevent DoS attack through Java TreeMap? My code has an API which accepts a Map object. Now I want to prevent clients from sending Map objects of a certain length. Now maxarray in jdk.serialFilter...
Hardaway asked 29/7, 2019 at 11:50

1

I'm looking for best practice advice/guidance (perhaps from Microsoft?) regarding denial of service (DoS) protection/mitigation for ASP.NET Core web applications. The main two options I have found...
Terrapin asked 13/11, 2019 at 15:41

3

What are the best practices in Django to detect and prevent DoS attacks... Are there any ready to use apps or middleware available which prevents website access and scan through bots?
Hally asked 31/7, 2011 at 14:2

1

I was reading about ReDOS. https://en.wikipedia.org/wiki/ReDoS It seems if you run this code in Node.js: console.time('aaa'); /^(a+)+$/.test('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!') console.timeEnd('aa...
Guayaquil asked 26/10, 2018 at 12:35

6

Solved

I'm developing a website and am sensitive to people screen scraping my data. I'm not worried about scraping one or two pages -- I'm more concerned about someone scraping thousands of pages as the a...
Solvolysis asked 10/9, 2010 at 19:37

6

Solved

It is said that instead of adding all domains to CORS, one should only add a set of domains. Yet it is sometimes not trivial to add a set of domains. E.g. if I want to publicly expose an API then f...
Afrikaner asked 11/10, 2013 at 16:29

10

Solved

DDoS (Distributed Denial of Service Attacks) are generally blocked on a server level right? Is there a way to block it on a PHP level, or at least reduce it? If not, what is the fastest and most ...
Senarmontite asked 23/1, 2013 at 10:54

1

Solved

Currently, I am using Route53 to manage my domains, subdomains etc. But I want to add DDoS protection to my endpoints. So I want to use Cloudflare also. But I couldn't find a way to use two of them...

3

Solved

How is it possible to implement a slowban that will not be a tool for DoS to our site? The problem is that a deliberate delay in serving an http response will keep server resources busy (web serve...
Meier asked 9/6, 2011 at 13:9

0

We have a web app that is being hosted on Azure and have run Qualys security scans against it that tell us that it is vulnerable to an HTTP Slow Post attack. The analysis from Qualys tells us that ...

3

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS. We have "authorized clients" for our web service, so ideally the filter would hel...
Instead asked 24/6, 2010 at 18:3

3

Solved

What tools or techniques can I use to protect my ASP.NET web application from Denial Of Service attacks?
Uria asked 14/6, 2011 at 8:17

1

Customer.find(:all, :select => 'id', :order => 'updated_at DESC', :readonly => true, :conditions => { :status_id => Customer.id_for_status(params[:id].to_sym) }, :offset => offset...
Manzanares asked 5/6, 2014 at 17:32

1

Solved

I'm writing a small web application as I'm learning to use the features of Parse.com. Since application_id and javascript_key are both public (as explained in the doc), it means anyone is free to ...
Harner asked 11/3, 2015 at 14:41

1

I've run into a situation where an infinite loop on the client is crashing the Meteor server. The infinite loop is a bug that I will fix, and not the subject of this question. My concern is that a ...
Dibs asked 9/1, 2015 at 20:35

3

Solved

We're developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn't find anything new and definitive (this one is rather vague) abou...

1

I'm in the process of writing a highly scalable browser based web chat server using nodejs. The concept involved is simple - first it checks browser for websocket support. If not supported o...
Bixby asked 7/2, 2013 at 16:13

2

Solved

So this is more of a general question on the best practice of preventing DoS attacks, I'm just trying to get a grasp on how most people handle malicious requests from the same IP address which is t...
Maples asked 27/8, 2010 at 17:44

3

I can't access Plesk Admin because of a DoS attack; can I block a hostname or IP address through SSH? If so, how would I be able to do this? Thank you!
Lessen asked 6/9, 2012 at 13:39

2

Solved

I'm writing a web application that has an XML API in PHP, and I'm worried about three specific vulnerabilities, all related to inline DOCTYPE definitions: local file inclusion, quadratic entity blo...
Kerr asked 18/4, 2012 at 15:30
