[BUG] Automated attack tools starve all db connections #536

@etnoy

Description

Describe the bug
In our teaching environment, we use Shepherd as a practical examination in the infosec course. In order to pass, students must learn to use an attack proxy, and we recommend that they use ZAP. However, it is too easy for students unfamiliar with ZAP to launch spider/directory traversal/fuzzer attacks without them knowing. No big deal, right? Wrong. These automated tools very quickly eat up all available MySQL connections, which pulls down the whole server. Worse still, there does not seem to be a timeout in the default config... we've had outages several hours long before we (as teachers) reboot Tomcat and get things going.

To Reproduce
Steps to reproduce the behavior:

  1. Use ZAP to connect to Shepherd
  2. Use a tool like fuzzer
  3. Hundreds of requests are sent, eating up db connections
  4. Server becomes unavailable

Expected behavior
The server should not eat up all connections.

Environment
We're using Tomcat 7 and MySQL 5.5 on CentOS 7.

More info
I think the best solution here would be to re-architect the database backend to use connection pooling.
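One way to put the bounded, timed-out pooling the reporter asks for in front of MySQL, as an added example that is not Security Shepherd's own configuration: a Tomcat 7 JNDI DataSource backed by the Tomcat JDBC pool that ships in Tomcat's lib directory. The JNDI name, database name, credentials and the numeric limits are assumed placeholders to be tuned per deployment.

```xml
<!-- conf/context.xml (added example, not the project's own config).
     The pool caps the number of MySQL connections the webapp can hold,
     so a flood of automated requests queues on the pool instead of
     exhausting the DB server, and callers that wait too long fail fast. -->
<Context>
  <Resource name="jdbc/shepherd"                       <!-- assumed JNDI name -->
            auth="Container"
            type="javax.sql.DataSource"
            factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/shepherd"  <!-- assumed DB name -->
            username="shepherd_app"                     <!-- placeholder -->
            password="CHANGE_ME"                        <!-- placeholder -->

            maxActive="50"        <!-- hard ceiling; keep below MySQL max_connections
                                       so an admin can still log in during a flood -->
            maxIdle="10"
            minIdle="2"
            maxWait="5000"        <!-- a request waits at most 5 s for a connection,
                                       then gets an SQLException instead of hanging -->

            removeAbandoned="true"          <!-- reclaim connections a code path forgot
                                                 to close, the leak that starves a pool -->
            removeAbandonedTimeout="60"     <!-- seconds a connection may be checked out -->
            logAbandoned="true"             <!-- log the stack trace of the leaking caller -->

            validationQuery="SELECT 1"      <!-- drop connections MySQL already timed out -->
            testOnBorrow="true"
            testWhileIdle="true"
            timeBetweenEvictionRunsMillis="30000"
            minEvictableIdleTimeMillis="60000"/>
</Context>
```

Application code must obtain every connection from this DataSource via JNDI and close it in a finally block; with the settings above, the 51st concurrent request fails after 5 s with an SQLException that the servlet can turn into an HTTP 503, and the `logAbandoned` traces point at any handler that leaks.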
