
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
== Why is this an issue?

``++sleep++`` is sometimes used in a mistaken attempt to prevent Denial of Service (DoS) attacks by throttling response rate. But because it ties up a thread, each request takes longer to serve than it otherwise would, making the application _more_ vulnerable to DoS attacks, rather than less.

=== Noncompliant code example

[source,php]
----
if (is_bad_ip($requester)) {
  sleep(5); // Noncompliant
}
----

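A non-blocking alternative, shown as an added example that is not part of the original rule text: instead of sleeping, the handler decides immediately and answers `429` with a `Retry-After` value, so the worker is released at once. The fixed-window counter, the `throttle_decision` helper, the array-backed store and the sample traffic are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: non-blocking throttling. The counter store is a plain array
// here (assumption); in production it must be shared across workers
// (a cache or database), since each PHP request has its own memory.

/**
 * Fixed-window rate limit check. Returns immediately; never sleeps.
 * @return array{status:int, retry_after:int} 200 to proceed, 429 to reject.
 */
function throttle_decision(array &$store, string $client, int $now, int $limit = 3, int $window = 5): array
{
    $entry = $store[$client] ?? ['start' => $now, 'count' => 0];
    if ($now - $entry['start'] >= $window) {
        $entry = ['start' => $now, 'count' => 0];   // window expired: reset
    }
    $entry['count']++;
    $store[$client] = $entry;

    if ($entry['count'] > $limit) {
        // Tell the client when to come back instead of holding the worker.
        return ['status' => 429, 'retry_after' => $entry['start'] + $window - $now];
    }
    return ['status' => 200, 'retry_after' => 0];
}

// Constructed sample traffic: [client address, timestamp in seconds].
$requests = [
    ['203.0.113.7', 100], ['203.0.113.7', 100], ['203.0.113.7', 101],
    ['203.0.113.7', 101], ['198.51.100.4', 102], ['203.0.113.7', 103],
    ['203.0.113.7', 105],
];

$store = [];
foreach ($requests as [$client, $now]) {
    $d = throttle_decision($store, $client, $now);
    // In a web handler: http_response_code($d['status']);
    // header('Retry-After: ' . $d['retry_after']); then exit on 429.
    printf("%-13s t=%d -> %d%s\n", $client, $now, $d['status'],
        $d['status'] === 429 ? " Retry-After: {$d['retry_after']}" : '');
}
```
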
== Resources

* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this call to "sleep".

'''
== Comments And Links
(visible only on this page)

=== on 21 May 2015, 09:40:53 Linda Martin wrote:
\[~ann.campbell.2] assigned for completion.

=== on 21 May 2015, 15:12:47 Ann Campbell wrote:
see what you think [~linda.martin]

endif::env-github,rspecator-view[]