Lack of Resources & Rate Limiting Vulnerability

APIs have limited resources and receive multiple requests simultaneously. A lack of resources and rate limiting vulnerability occurs when an API does not set limits correctly or at all on the number of requests or resources handled per time period. This can cause the API to become unresponsive or unavailable when overloaded by unexpected high traffic or spike in calls. To prevent this vulnerability, proper limits must be set on execution timeouts, memory allocation, number of processes, file descriptors, requests per client, and records returned per request. Notifications should also display when limits are met and include the reset time.


LACK OF RESOURCES & RATE LIMITING VULNERABILITY

We'll go through some causes and preventions of vulnerabilities in this category.
THE LACK OF RESOURCES & RATE LIMITING VULNERABILITY AFFECTS APIS

All APIs have limited resources and are being called by multiple clients simultaneously.

The risk occurs when the API is unable to effectively limit the number of requests or deliverables handled in a given time period.

[Figure: an API Server serving several clients; once it is overloaded, each client sees "This webpage is not available".]
HOW CAN THE LACK OF RESOURCES & RATE LIMITING VULNERABILITY HAPPEN?

This vulnerability occurs when an API's rate limits or resource limits are not set correctly, or not set at all.

As a result, the API can become unresponsive or unavailable when overloaded with unexpectedly high traffic, or a spike in calls.

This could be because a company grows faster than anticipated or is experiencing a particularly busy season.

Alternatively, attackers can intentionally monopolise an API's resources by using malicious scripts, turning the missing limit into a denial of service for every other client.

[Figure: the API Server overloaded first by legitimate traffic, then by an attacker's script (labelled "HACKED!"); in both cases every client sees "This webpage is not available".]
To prevent Lack of Resources & Rate Limiting vulnerabilities, ensure the following limits are set properly:

Execution timeouts
Maximum allocable memory
The number of processes permitted within a defined timeframe
Maximum number of file descriptors
Maximum number of requests allowed per client
The number of records per page which can be returned per request

Be sure to display a notification when these limits are met and include the time when the limit will be reset (for an HTTP API this is typically a 429 Too Many Requests response carrying a Retry-After header).
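The last two limits in the list (requests per client, records per page) and the reset-time notification can be shown in working code. The block below is an added example, not code from the original slides or from any project they describe: a sliding-window per-client rate limiter and a page-size cap wired into a hypothetical GET /records handler that answers HTTP 429 with Retry-After and X-RateLimit-Reset headers once a client is over its limit. The names (RateLimiter, handle_request, MAX_PAGE_SIZE, the header set) and the limits (3 requests per 60 seconds, 200 records per page) are assumptions chosen for the illustration.

```python
"""Added example, not code from the original slides: a sliding-window
per-client rate limiter and a page-size cap, wired into a hypothetical
GET /records handler that returns HTTP 429 with Retry-After and
X-RateLimit-Reset headers when a client is over its limit. All names here
(RateLimiter, handle_request, MAX_PAGE_SIZE, the header set) are my own
choices, not an API the slides describe."""
import math
import time
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, Optional

DEFAULT_PAGE_SIZE = 50   # assumed defaults; tune per API
MAX_PAGE_SIZE = 200


@dataclass
class Decision:
    allowed: bool
    remaining: int   # requests this client may still make in the current window
    reset_at: float  # Unix time at which the oldest counted request ages out


class RateLimiter:
    """At most `limit` requests per `window` seconds per client key.

    State lives in this process. Behind a load balancer each API node would
    otherwise keep its own counts, so a deployment would back this with a
    shared store (e.g. Redis) instead of the dict used here."""

    def __init__(self, limit: int, window: float) -> None:
        if limit <= 0 or window <= 0:
            raise ValueError("limit and window must be positive")
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = {}

    def check(self, client: str, now: Optional[float] = None) -> Decision:
        now = time.time() if now is None else now
        hits = self._hits.setdefault(client, deque())
        # Forget requests that have aged out of the window.
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            # Over the limit: do not record the rejected attempt, so a client
            # that keeps hammering cannot push its own reset time further out.
            return Decision(False, 0, hits[0] + self.window)
        hits.append(now)
        return Decision(True, self.limit - len(hits), hits[0] + self.window)


def clamp_page_size(requested) -> int:
    """Never trust a client-supplied page size: missing or malformed values
    fall back to the default, oversized values are capped at MAX_PAGE_SIZE."""
    try:
        size = int(requested)
    except (TypeError, ValueError):
        return DEFAULT_PAGE_SIZE
    return DEFAULT_PAGE_SIZE if size < 1 else min(size, MAX_PAGE_SIZE)


def handle_request(limiter: RateLimiter, client: str, params: dict,
                   now: Optional[float] = None):
    """Hypothetical handler for GET /records?page_size=N.
    Returns (status, headers, body) rather than a framework response object."""
    now = time.time() if now is None else now
    decision = limiter.check(client, now)
    headers = {
        "X-RateLimit-Limit": str(limiter.limit),
        "X-RateLimit-Remaining": str(decision.remaining),
        # The reset time the slides ask for, as a Unix timestamp.
        "X-RateLimit-Reset": str(int(decision.reset_at)),
    }
    if not decision.allowed:
        wait = max(1, math.ceil(decision.reset_at - now))
        headers["Retry-After"] = str(wait)
        return 429, headers, {"error": "rate limit exceeded",
                              "retry_after_seconds": wait}
    page_size = clamp_page_size(params.get("page_size"))
    # Constructed sample rows standing in for a database query; the cap on
    # page_size bounds how many rows are fetched and serialised per request.
    records = [{"id": i} for i in range(page_size)]
    return 200, headers, {"records": records, "page_size": page_size}


if __name__ == "__main__":
    limiter = RateLimiter(limit=3, window=60)
    t0 = 1_700_000_000.0
    for i in range(4):
        status, hdrs, _ = handle_request(limiter, "client-a",
                                         {"page_size": "1000"}, now=t0 + i)
        print(status, hdrs)
```

Two design points worth noting. The client key should be the authenticated identity (API key, token subject) rather than only the source IP, otherwise one NAT or proxy shares a single budget and an attacker with many addresses escapes it. Rejected requests are deliberately not counted, so the reset time a client is told is the one it will actually get. The remaining limits on the list (execution timeouts, memory, processes, file descriptors) are enforced outside the application, through the runtime, container or OS limits, and are not shown here.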
Congratulations, you have now completed this module!
