SAMMY works best on screens 1024px wide or larger.
ASVS
Browse ASVS
V17.3: Media
V17.3.1
V17.3.1: Verify that the signaling server is able to continue processing legitimate incoming signaling messages during a flood attack. This should be achieved by implementing rate limiting at the signaling level.

Verify that the signaling server is able to continue processing legitimate incoming signaling messages during a flood attack. This should be achieved by implementing rate limiting at the signaling level.

Not applicable - The control is not applicable for the given scope.
Not implemented / not verified - The control is not implemented or not verified.
Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Description

Verify that the signaling server is able to continue processing legitimate incoming signaling messages during a flood attack. This should be achieved by implementing rate limiting at the signaling level.

V17.3.2
V17.3.2: Verify that the signaling server is able to continue processing legitimate signaling messages when encountering malformed signaling message that could cause a denial of service condition. This could include implementing input validation, safely handling integer overflows, preventing buffer overflows, and employing other robust error-handling techniques.

Verify that the signaling server is able to continue processing legitimate signaling messages when encountering malformed signaling message that could cause a denial of service condition. This could include implementing input validation, safely handling integer overflows, preventing buffer overflows, and employing other robust error-handling techniques.

Not applicable - The control is not applicable for the given scope.
Not implemented / not verified - The control is not implemented or not verified.
Limited implementation - The control is implemented for the most critical parts of the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Systematic implementation - The control is systematically implemented and pervasive in the codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Full implementation - The control is fully implemented for the complete codebase. It is verified either manually (internally or externally) or automatically (using test cases or security automation tooling).
Description

Verify that the signaling server is able to continue processing legitimate signaling messages when encountering malformed signaling message that could cause a denial of service condition. This could include implementing input validation, safely handling integer overflows, preventing buffer overflows, and employing other robust error-handling techniques.