While web applications become richer and provide higher levels of user experiences, those run increasingly larger amounts of code on both server and client side. Few of the pages on the web server may be the performance bottlenecks. Identifying those pages gives both the application owner as well as an attacker a chance to be more efficient in performance or attack.
We will discuss a method of identifying the weakness of the web Application by performing series of regular requests to it. With some refinements and data normalizations performed on the gathered data, and then performing more testing based on the later it is possible to pinpoint to single most resource(CPU or DB) consuming page of the application. Armed with that information it is possible to perform more efficient DOS/DDOS attacks with very simple tools.
The presentation will be accompanied with a few demos of the tool performing testing and attacking on various targets. The tool will be published for the interested researches to play with.