Application layer Denial-of-Service (DoS) attacks are generated by exploiting vulnerabilities in a protocol's implementation or its design. Unlike volumetric DoS attacks, they are stealthy in nature and target a specific application running on the victim. Several such attacks against popular application layer protocols have been discovered in recent years. In this article, we provide a structured and comprehensive survey of the existing application layer DoS attacks and defense mechanisms. We classify existing attacks and defense mechanisms into different categories, describe how they work, and compare them based on relevant parameters. We conclude the article with directions for future research.