Top 25 Denial-of-Service (DoS) Bug Bounty Reports
In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.
What is Denial-of-Service?
A Denial-of-Service (DoS) is an attack vector or vulnerability that can be used to make an application, machine, or network unresponsive to its users.
Types of Denial-of-Service (DoS) Attacks
Our main focus is on Application-layer Denial-of-Service (DoS) attacks, which you can find in bug bounty programs, but we will also discuss the most common types of Denial-of-Service:
- Volume-based DoS/DDoS Attacks: ICMP Floods, Ping-of-Death (PoD), and more
- Protocol-based DoS/DDoS Attacks: SYN Floods, Fragmented Packets Floods, Smurf DoS/DDoS Attacks, and more
- Application-based DoS/DDoS Attacks: Web Application DoS/DDoS, Slowloris Attacks, GET/POST Floods
How to test for Denial-of-Service in Applications
There are some common methods to test and find a Denial-of-Service vulnerability within a bug bounty program or even a penetration test:
- Test fields and forms that allow input of big size, causing…
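The server-side control that a large-input test is checking for, as an added example that is not part of the original article: a form handler that caps the body while streaming it, caps the field count, and caps each field's length. The limits, the field names in `FIELD_LIMITS`, and the `handle` helper are assumptions made for illustration.

```python
import io
from urllib.parse import parse_qsl

MAX_BODY = 8 * 1024      # assumed cap on the whole request body, in bytes
MAX_FIELDS = 20          # assumed cap on the number of form fields
FIELD_LIMITS = {"username": 64, "comment": 2000}  # hypothetical form schema


class TooLarge(Exception):
    """Input exceeded a configured size limit."""


def read_capped(stream, declared_len=None, cap=MAX_BODY):
    # Reject on the declared length first, then keep counting while reading,
    # because Content-Length can be absent (chunked) or simply wrong.
    if declared_len is not None and declared_len > cap:
        raise TooLarge("declared length over cap")
    buf = bytearray()
    while chunk := stream.read(1024):
        buf += chunk
        if len(buf) > cap:
            raise TooLarge("body over cap while streaming")
    return bytes(buf)


def parse_form(stream, declared_len=None):
    body = read_capped(stream, declared_len).decode("utf-8", "replace")
    # max_num_fields makes parse_qsl raise ValueError on too many fields.
    pairs = parse_qsl(body, keep_blank_values=True, max_num_fields=MAX_FIELDS)
    form = {}
    for name, value in pairs:
        if name not in FIELD_LIMITS:
            raise ValueError(f"unexpected field {name!r}")
        if len(value) > FIELD_LIMITS[name]:
            raise TooLarge(f"{name} over {FIELD_LIMITS[name]} characters")
        form[name] = value
    return form


def handle(raw, declared_len=None):
    """Map a constructed request body to the status a server would return."""
    try:
        parse_form(io.BytesIO(raw), declared_len)
        return 200
    except TooLarge:
        return 413
    except ValueError:
        return 400
```

An endpoint that returns 200 where this sketch returns 413 or 400 is one worth checking for missing size limits.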