This document summarizes two HTTP denial-of-service (DoS) attacks called Slowloris and R-U-D-Y. Slowloris abuses HTTP header handling by slowly injecting custom headers to keep connections open indefinitely. R-U-D-Y similarly abuses form fields to create zombie application threads. The document discusses how these attacks work, demonstrations of the attacks, and recommendations for mitigating them including modifying server timeouts and using a tool like ModSecurity to limit requests. Future research ideas are also proposed to explore HTTP protocol fuzzing and other potential attack vectors.