July 31, 2017
How can DDoS testing be done safely?
RedWolf DDoS testing is quite safe, as we manage the risks by:
1. Ensuring permissions are granted for every asset and network being tested.
2. Slowly ramping up traffic levels from very low levels.
3. Ramp-ups are done when client says to increase, not automatically or on a timer. People are always in full control of traffic levels.
4. Emergency stop all traffic in 2 seconds.
5. >99.9% of the time the applications recover in at most a few minutes when the test stops. In rare circumstances an application might need to be restarted by the application teams. If this happens it is also a finding that the application has some critical vulnerabilities that only could be uncovered with these tests.
That said, RedWolf recommends the customer have application team and load balancer teams be available during the test in case as system needs to be restarted.