STRIDE IT
D: 0/3 Total: 0/18

D — Denial of Service

Denial of Service is about making a service unavailable—by exhausting time, memory, bandwidth, or critical limits. Availability is the target.

Service Overloaded by Requests

What it means

Attackers overwhelm a service so legitimate users can’t access it.

Why it matters

Downtime breaks trust and costs money.

How to mitigate

Rate-limit, cache, queue work, scale horizontally.

Resource Pool Exhaustion

Clicks consume a limited server resource pool. Flood the system to exhaust it.

Not solved
Service status: Healthy
Rate limit: OFF
Resource pool: 5000000 / 5000000
Requests handled: 0
Mission: Exhaust the pool (reach 0). Try manual clicks, then try an automated flood.
Attack instructions (DevTools)
Open DevTools → Console and run:
// Flood the button with clicks (naive DoS)
const btn = document.getElementById("attackBtn");
for (let i = 0; i < 50000; i++) btn.click();
Tip: Try it with rate limiting OFF vs ON.
Hint
“Attack scripts” are just loops that trigger many actions very fast. Without protections, you can exhaust resources quickly.

Slowloris (Connection Holding)

Instead of flooding, the attacker opens connections slowly and keeps them alive. The server runs out of connection slots.

Not solved
Server: Healthy
Idle timeout: ON
Open connections: 0 / 50
Legit users blocked: 0
Mission: Fill the server’s connection slots by keeping connections open. Try with idle timeout ON vs OFF.
Attack instructions (DevTools)
Open DevTools → Console and run:
// Slowloris-style: open connections slowly and keep them alive
let opened = 0;
var t = setInterval(() => {
  document.getElementById("openConnBtn").click();
  opened++;
  if (opened >= 80) clearInterval(t); 
}, 200); // (change to lower value to overload)
Tip: If idle timeout is ON, the server closes idle connections. If OFF, you can keep slots occupied much longer.

Task 3 — JSON Bomb (Deep Nesting)

A valid JSON payload can still cause DoS if parsing/processing becomes expensive. Your job: send a payload that overwhelms the system.

Not solved
Processor: Idle
Depth limit: ON
Detected depth: 0
Work units: 0
Mission: Submit a deeply nested JSON payload until the system becomes “Degraded” or “Unresponsive”.
Attack instructions (DevTools)
Open DevTools → Console and run:
(() => {
  // Build nested JSON safely
  const depth = 250; // try 80, 150, 250...
  let obj = {};
  for (let i = 0; i < depth; i++) obj = { a: obj };

  const payload = JSON.stringify(obj);
  document.getElementById("jsonInput").value = payload;
  // then click "Submit Payload"
})();
Tip: This payload is valid JSON — but can still cause DoS if the server processes it too deeply.