What are slow HTTP DoS (Slowloris) attacks?

Slow HTTP DoS (Slowloris) attacks are denial-of-service attacks against web servers that cause a large number of open connections by keeping HTTP requests open for a long time. Thread-based servers such as Apache and Microsoft IIS are vulnerable to Slowloris but event-based servers such as nginx are not. Read more about Slowloris attacks .

How common are slow HTTP DoS (Slowloris) attacks?

Every year Acunetix analyzes data from real targets to see how common are different types of vulnerabilities. This year, we found that 7.5% of web servers are still vulnerable to Slowloris attacks. Read more in our most recent web application vulnerability report .

How to detect slow HTTP DoS (Slowloris) vulnerabilities?

The Acunetix Web Vulnerability Scanner is capable of identifying slow HTTP vulnerabilities such as CVE-2007-6750 (Slowloris) and a lot of other vulnerabilities, too. Acunetix identifies more vulnerabilities than many other scanners and gives you vulnerability assessment and vulnerability management capabilities as well. Find out more about Acunetix Premium .

How to prevent slow HTTP DoS (Slowloris) attacks in Apache?

To mitigate slow HTTP DoS vulnerabilities in Apache, you can use several different modules: mod_reqtimeout to set timeouts for receiving HTTP request headers and the HTTP request body from a client, mod_qos to assign different priorities to different HTTP requests, and mod_security to detect attack attempts. Learn more about hardening your Apache installation .

Web Security Blog | Page 36 of 137

Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server

Web Security Zone | June 6, 2019 by Ian Muscat

A slow HTTP Denial of Service attack (DoS), otherwise referred to as the Slowloris HTTP attack, makes use of HTTP GET requests to occupy all available HTTP connections permitted by a web server. It takes advantage of a vulnerability in thread-based web servers, which wait…

Visit Us at Black Hat USA 2019

Events | June 4, 2019 by Oksana Pure

Black Hat, founded by Jeff Moss (Dark Tangent), is one of the biggest and best-known cybersecurity conferences in the world. Organized in the USA since 1997 and in Europe and Asia since 2000, it is perceived as aimed at the corporate world but it caters…

PHP Security Guide

Web Security Zone | May 30, 2019 by Tomasz Andrzej Nidecki

PHP remains the most popular server-side language for websites and web applications. According to the latest data from w3techs, it is used by 79% of websites whose server-side language is known. Therefore, secure PHP programming and configuration are of critical importance. There are more reasons,…

Secure Your Node.js .env Files

Web Security Zone | May 29, 2019 by Acunetix

Node.js is an environment that helps you create server-side applications using JavaScript. One of the common Node.js elements that developers like and use are .env files. These files let you easily save and load environment variables. Developers often use them to store confidential information. However,…

Malta A.I. & Blockchain Summit 2019 Highlights

Events | May 28, 2019 by Oksana Pure

Acunetix held a stand at the Spring Edition of the Malta A.I. & Blockchain Summit 2019 that took place on May 23-24, 2019 on the ‘Blockchain Island’ of Malta, at the Hilton Business Centre. The event was very well received. It brought together over 5,500…

Chrome Tightens CSRF Protection

Web Security Zone | May 23, 2019 by Tomasz Andrzej Nidecki

The Chrome 76 browser, which is expected in July 2019, will include tighter controls for the SameSite cookie attribute. This attribute is used by website or web application developers when they set cookies. It specifies whether the cookie may be used in a third-party context….

Visit Us at the National Homeland Security Conference 2019

Events | May 21, 2019 by Oksana Pure

The National Homeland Security Conference is sponsored by the United States National Homeland Security Association. The conference is organized annually in various US locations since 2005. Its goal is to enable local homeland security and emergency management professionals to exchange information on anything related to…

Preventing NTP Reflection Attacks

Web Security Zone | May 20, 2019 by Tomasz Andrzej Nidecki

The Network Time Protocol (NTP) is the standard protocol for time synchronization in the IT industry. It is widely used by servers, mobile devices, endpoints, and network devices, irrespective of their vendor. The latest version of NTP (version 4) is defined in RFC 5905. The…

Acunetix Vulnerability Scanner Now With Network Security Scans

Product Releases | May 16, 2019 by Tamara Naudi

Seamless OpenVAS integration now also available on Windows and Linux London, UK – May 2019 – Acunetix, the pioneer in automated web application security software, has announced that Premium versions of the Acunetix Vulnerability Scanner now support network security scanning. Network security scans are possible…

Acunetix Web Security Blog