Scribd Logo
Upload

Welcome to Scribd!

  • Lack of Resources & Rate Limiting Vulnerability

    Uploaded by

    erick
    35 views15 pages
    APIs have limited resources and receive multiple requests simultaneously. A lack of resources and rate limiting vulnerability occurs when an API does not set limits correctly or at all on the number of requests or resources handled per time period. This can cause the API to become unresponsive or unavailable when overloaded by unexpected high traffic or spike in calls. To prevent this vulnerability, proper limits must be set on execution timeouts, memory allocation, number of processes, file descriptors, requests per client, and records returned per request. Notifications should also display when limits are met and include the reset time.

    Original Description:

    OWASP TOP 10 lack of resources and rate limiting

    Original Title

    module_131_lack_of_resources_and_rate_limiting

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    APIs have limited resources and receive multiple requests simultaneously. A lack of resources and rate limiting vulnerability occurs when an API does not set limits correctly or at all on the number of requests or resources handled per time period. This can cause the API to become unresponsive or unavailable when overloaded by unexpected high traffic or spike in calls. To prevent this vulnerability, proper limits must be set on execution timeouts, memory allocation, number of processes, file descriptors, requests per client, and records returned per request. Notifications should also display when limits are met and include the reset time.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    35 views15 pages

    Lack of Resources & Rate Limiting Vulnerability

    Uploaded by

    erick
    APIs have limited resources and receive multiple requests simultaneously. A lack of resources and rate limiting vulnerability occurs when an API does not set limits correctly or at all on the number of requests or resources handled per time period. This can cause the API to become unresponsive or unavailable when overloaded by unexpected high traffic or spike in calls. To prevent this vulnerability, proper limits must be set on execution timeouts, memory allocation, number of processes, file descriptors, requests per client, and records returned per request. Notifications should also display when limits are met and include the reset time.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 15

    LACK OF RESOURCES &

    RATE LIMITING VULNERABILITY


    We’ll go through

    some causes and preventions of


    vulnerabilities in this category
    THE LACK OF RESOURCES & RATE LIMITING
    VULNERABILITY AFFECTS APIS
    All APIs have limited resources and are being called by multiple clients simultaneously.

    API Server
    The risk occurs when the API is unable to effectively limit the number
    of requests or deliverables handled in a given time period.

    API Server

    This webpage This webpage This webpage This webpage


    is not available is not available is not available is not available
    HOW CAN THE LACK OF RESOURCES &
    RATE LIMITING VULNERABILITY HAPPEN?
    This vulnerability occurs when an API’s rate limits or resource limits are not set correctly, or not set at all.

    API Server
    As a result, the API can become unresponsive or unavailable

    API Server

    This webpage This webpage


    is not available is not available
    when overloaded with unexpectedly high traffic, or a spike in calls.

    API Server

    This webpage This webpage


    is not available is not available
    This could be because a company grows faster than anticipated or is experiencing a particularly busy season.

    API Server

    This webpage This webpage This webpage This webpage


    is not available is not available is not available is not available
    Alternatively, attackers can intentionally monopolise an API’s resources by using malicious scripts.

    API Server

    This webpage This webpage This webpage This webpage


    is not available is not available is not available
    D !
    is not available

    CKE
    H A
    To prevent Lack of Resources & Rate Limiting vulnerabilities,
    ensure the following limits are set properly:
    Execution timeouts
    Maximum allocable memory
    The number processes permitted within a defined timeframe
    Maximum number of file descriptors
    To prevent Lack of Resources & Rate Limiting vulnerabilities,
    ensure the following limits are set properly:
    Maximum number of requests allowed per client
    The number of records per page, which can be returned per
    request
    Be sure to display a notification when these limits are met
    and include the time when the limit will be reset
    Congratulations, you have now completed this module!

    You might also like