Question

Most people are familiar with Denial of Service (DoS) attacks in the context of a web site. What does a Denial of Service attack mean for a Java application? Write a paragraph explaining this, and then give two guidelines for Java programmers to protect against Denial of Service attacks. Consult at least two different sources and cite your sources. Your notes should be no more than 1 page in length.

Answer 1

ANSWER:

Denial of Service (DoS) is a cyber-attack on an individual Computer or Website with intent to deny services to intended users.Their purpose is to disrupt an organization’s network operations by denying access to its users.Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may cease to be available to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources it uses.

Sometimes the attacker can inject and execute arbitrary code while performing a DoS attack in order to access critical information or execute commands on the server. Denial-of-service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

If users can supply, directly or indirectly, a value that will specify how many of an object to create on the application server, and if the server does not enforce a hard upper limit on that value, it is possible to cause the environment to run out of available memory. The server may begin to allocate the required number of objects specified, but if this is an extremely large number, it can cause serious issues on the server, possibly filling its whole available memory and corrupting its performance.

The following is a simple example of vulnerable code in Java:

String TotalObjects = request.getParameter(“numberofobjects”);

int NumOfObjects = Integer.parseInt(TotalObjects);

ComplexObject[] anArray = new ComplexObject[NumOfObjects]; // wrong!

Similar to the previous problem of User Specified Object Allocation, if the user can directly or indirectly assign a value that will be used as a counter in a loop function, this can cause performance problems on the server.

The following is an example of vulnerable code in Java:

public class MyServlet extends ActionServlet {   

public void doPost(HttpServletRequest request, HttpServletResponse response)   

throws ServletException, IOException { . . .

String [] values = request.getParameterValues("CheckboxField"); /

/ Process the data without length check for reasonable range – wrong!   

for ( int i=0; i<values.length; i++) {

// lots of logic to process the request

}

. . . }

THANK YOU:)

IF YOU LIKE THE ANSWER PLEASE GIVE UP VOTE:)