Top 25 Denial-of-Service (DoS) Bug Bounty Reports

Cristian Cornea
Published in The Startup
4 min read · Feb 15, 2021

In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.

What is Denial-of-Service?

A Denial-of-Service (DoS) can be an attack vector or vulnerability through which you can make an application, machine, or network unresponsive to its users.

Types of Denial-of-Service (DoS) Attacks

Our main focus is on the application-layer Denial-of-Service (DoS) attacks that you can find in bug bounty programs, but we will also discuss the most common types of Denial-of-Service:

  • Volume-based DoS/DDoS Attacks: ICMP Floods, Ping-of-Death (PoD), and more
  • Protocol-based DoS/DDoS Attacks: SYN Floods, Fragmented Packets Floods, Smurf DoS/DDoS Attacks, and more
  • Application-based DoS/DDoS Attacks: Web Application DoS/DDoS, Slowloris Attacks, GET/POST Floods

How to test for Denial-of-Service in Applications

There are some common methods to test and find a Denial-of-Service vulnerability within a bug bounty program or even a penetration test:

  1. Test fields and forms that allow input of big size, causing…
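
The first test above targets inputs that accept oversized data. As an added example (not from the original article), the server-side counterpart is a hard cap on request body size, shown here as a WSGI middleware. The names `BodyLimit`, `CappedReader`, `MAX_BODY` and `demo`, and the 64 KiB value, are assumptions of this example.

```python
import io

MAX_BODY = 64 * 1024  # assumed limit for this example; tune per endpoint
class BodyTooLarge(Exception): pass

class CappedReader:
    """Wraps wsgi.input; raises once more than `limit` bytes have been read."""
    def __init__(self, stream, limit):
        self.stream, self.remaining = stream, limit
    def read(self, size=-1):
        cap = self.remaining + 1  # one extra byte is enough to detect overflow
        want = cap if size is None or size < 0 else min(size, cap)
        data = self.stream.read(want)
        self.remaining -= len(data)
        if self.remaining < 0:
            raise BodyTooLarge()
        return data

class BodyLimit:
    """WSGI middleware (hypothetical name): answer oversized bodies with 413."""
    def __init__(self, app, limit=MAX_BODY):
        self.app, self.limit = app, limit
    def __call__(self, environ, start_response):
        try:  # cheap check first: refuse on the declared length alone
            too_big = int(environ.get("CONTENT_LENGTH") or 0) > self.limit
        except ValueError:
            too_big = True  # malformed header: refuse rather than guess
        if not too_big:
            # The header can be absent or wrong, so also cap the actual read.
            environ["wsgi.input"] = CappedReader(environ["wsgi.input"], self.limit)
            try:
                return self.app(environ, start_response)
            except BodyTooLarge:
                pass  # assumes the app reads the body before start_response
        start_response("413 Payload Too Large", [("Content-Length", "0")])
        return [b""]

def demo(body, declared=None, limit=16):
    """Constructed request against a toy app that returns the body length."""
    def app(environ, start_response):
        n = len(environ["wsgi.input"].read())
        start_response("200 OK", [])
        return [str(n).encode()]
    env = {"wsgi.input": io.BytesIO(body)}
    if declared is not None:
        env["CONTENT_LENGTH"] = declared
    seen = []
    out = BodyLimit(app, limit)(env, lambda status, headers: seen.append(status))
    return seen[-1], b"".join(out)
```

The declared-length check rejects large uploads before any bytes are read, while the capped reader covers requests whose `Content-Length` is missing or understated.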

Cristian Cornea
🇷🇴 Founder: Zerotak Security | Cyber Security Training Centre of Excellence (CSTCE) | SectionX.io | BSides Transylvania