== Why is this an issue?

``++sleep++`` is sometimes used in a mistaken attempt to prevent Denial of Service (DoS) attacks by throttling response rate. But because it ties up a thread, each request takes longer to serve that it otherwise would, making the application _more_ vulnerable to DoS attacks, rather than less.


=== Noncompliant code example

[source,php]
----
if (is_bad_ip($requester)) {
  sleep(5);  // Noncompliant
}
----


== Resources

* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this call to "sleep".


'''
== Comments And Links
(visible only on this page)

=== on 21 May 2015, 09:40:53 Linda Martin wrote:
\[~ann.campbell.2] assigned for completion.

=== on 21 May 2015, 15:12:47 Ann Campbell wrote:
see what you think [~linda.martin]

endif::env-github,rspecator-view[]