43 lines
1008 B
Plaintext
43 lines
1008 B
Plaintext
== Why is this an issue?
|
|
|
|
``++sleep++`` is sometimes used in a mistaken attempt to prevent Denial of Service (DoS) attacks by throttling response rate. But because it ties up a thread, each request takes longer to serve that it otherwise would, making the application _more_ vulnerable to DoS attacks, rather than less.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,php]
|
|
----
|
|
if (is_bad_ip($requester)) {
|
|
sleep(5); // Noncompliant
|
|
}
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this call to "sleep".
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 21 May 2015, 09:40:53 Linda Martin wrote:
|
|
\[~ann.campbell.2] assigned for completion.
|
|
|
|
=== on 21 May 2015, 15:12:47 Ann Campbell wrote:
|
|
see what you think [~linda.martin]
|
|
|
|
endif::env-github,rspecator-view[]
|