Slowloris is a Layer 7 "slow" denial-of-service attack. Instead of flooding a server with volume, it opens many connections and holds them open by sending partial HTTP requests one header at a time, very slowly, never completing them. Each held connection occupies a worker or socket, so a single host can exhaust a server's connection pool using almost no bandwidth.
Why it matters in DDoS testing
Slow attacks are dangerous precisely because they are quiet: the traffic rate is trivial, so rate-limit thresholds keyed on requests-per-second often never fire. A DDoS test validates the controls that actually matter here: connection and header timeouts, the maximum concurrent-connection limit, and whether the server returns worker capacity promptly when a connection stalls. A stack tuned only against volumetric floods frequently fails this test.
For how slow attacks sit among the L7 vectors, see Understanding DDoS Attack Vectors.