A Denial of Service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications.
Review the web server documentation and deployed configuration to determine what parameters are set to tune the web server. Review the hosted applications along with risk analysis documents to determine the expected user traffic. If the web server has not been tuned to avoid a DoS, this is a finding.
Analyze the expected user traffic for the hosted applications. Tune the web server to avoid a DoS condition under normal user traffic to the hosted applications.