Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.(Citation: Arbor AnnualDoSreport Jan 2018)
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-03 | Access Enforcement | Protects | T1499.003 | Application Exhaustion Flood |
AC-04 | Information Flow Enforcement | Protects | T1499.003 | Application Exhaustion Flood |
CA-07 | Continuous Monitoring | Protects | T1499.003 | Application Exhaustion Flood |
CM-06 | Configuration Settings | Protects | T1499.003 | Application Exhaustion Flood |
CM-07 | Least Functionality | Protects | T1499.003 | Application Exhaustion Flood |
SC-07 | Boundary Protection | Protects | T1499.003 | Application Exhaustion Flood |
SI-10 | Information Input Validation | Protects | T1499.003 | Application Exhaustion Flood |
SI-15 | Information Output Filtering | Protects | T1499.003 | Application Exhaustion Flood |
SI-04 | System Monitoring | Protects | T1499.003 | Application Exhaustion Flood |