As a Java developer I’m going to participate in a web project. So I’m trying to get informed on different aspects of web security.
Now I have come to the subject of DoS attacks and I’m trying to figure out what I can/should do as a Java developer. Or maybe it would be the system administrator’s job.
What comes to my mind at first is to implement the functionality in such a way that a single request cannot take too much time and resources. For example, to put some limits on the amount of processed data. But I’m not sure if this will be applicable in all cases.
Should I take any care for DoS due to many requests?
Any advice will be appreciated.
Many thanks in advance!
DoS attacks are usually the concern of IT. If you are developing a web application, usually it’s behind a front controller (Apache, nginx, etc.) that forwards requests to your application container (Tomcat, Rails, etc.). The front controllers usually/always have logic to deal with this issue.
If you are an application developer, then concentrate on XSS attacks (http://en.wikipedia.org/wiki/Cross-site_scripting) as that is totally within the application developer’s responsibilities.
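The per-request limit on processed data that the question raises can be enforced in application code by wrapping the request body stream. The following is an added example, not part of the original thread: `BoundedInputStream` is a hypothetical helper, the 1024-byte cap is an assumed value, the sample bodies are constructed, and `readAllBytes` assumes Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

/** Fails the read once a request body grows past maxBytes (hypothetical helper). */
public class BoundedInputStream extends FilterInputStream {
    private final long maxBytes;
    private long count;

    public BoundedInputStream(InputStream in, long maxBytes) {
        super(in);
        this.maxBytes = maxBytes;
    }

    @Override
    public int read() throws IOException {
        byte[] one = new byte[1];
        return read(one, 0, 1) == 1 ? (one[0] & 0xff) : -1;
    }

    @Override
    public int read(byte[] buf, int off, int len) throws IOException {
        // Allow one byte past the limit so an oversized body is detected
        // without ever reading more than maxBytes + 1 bytes of it.
        long allowed = maxBytes - count + 1;
        if (allowed <= 0) throw tooLarge();
        int n = super.read(buf, off, (int) Math.min(len, allowed));
        if (n > 0 && (count += n) > maxBytes) throw tooLarge();
        return n;
    }

    private IOException tooLarge() {
        return new IOException("request body exceeds " + maxBytes + " bytes");
    }

    public static void main(String[] args) throws IOException {
        long limit = 1024; // assumed cap; choose per endpoint
        // Constructed sample bodies standing in for a servlet request stream.
        for (int size : new int[] {512, 1024, 4096}) {
            InputStream body = new BoundedInputStream(new ByteArrayInputStream(new byte[size]), limit);
            try {
                System.out.println(size + " bytes accepted: " + body.readAllBytes().length);
            } catch (IOException e) {
                System.out.println(size + " bytes rejected: " + e.getMessage());
            }
        }
    }
}
```

In a servlet, the same wrapper would go around `request.getInputStream()` before any parser sees the body. It bounds the data processed per request only, not the number of requests.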