Explore a comprehensive analysis of web application performance bottlenecks and potential vulnerabilities in this OWASP Foundation conference talk. Learn about a tool designed to identify resource-consuming pages through systematic testing and data normalization. Discover how this information can be leveraged for more efficient DOS/DDOS attacks using simple tools. Gain insights into the proposed method for detecting critical resources, statistical data normalization techniques, and the attack-like stage of testing. Examine the impact of commercial protection services and Apache configurations on server performance. Witness live demonstrations of the tool in action on various targets and learn about its availability for further research.