Is your feature request related to a problem? Please describe.
Currently, there is no rule that can detect that the application is vulnerable because it has no size limit check, which can cause a DoS, as all the application's resources are impacted by it. So we need to add a new ScanRule.
All the attack vectors are present at: https://github.com/SasanLabs/owasp-zap-fileupload-addon/tree/main/src/main/java/org/sasanlabs/fileupload/attacks and we can add our code to one of them.
Describe the solution you'd like
It is very complex to find out how we can achieve this, so we need to look and research online to figure out ways to find such a vulnerability.
Additional context
We are adding a level in OWASP Vulnerable App that will not have any size limitation, and hence it can help in testing this feature. SasanLabs/VulnerableApp#351