Response size

Description

A very large response was detected.

Remediation

A response this large may be an early warning sign of a denial-of-service (DoS) risk: your API should provide pagination or a similar mechanism to bound the size of any single response.

REST Specific

  • Asp_net: Implement pagination or limit the size of responses to avoid large payloads that can affect performance and lead to potential denial of service. Consider using the 'Skip' and 'Take' LINQ methods for efficient data fetching in ASP.NET.
  • Ruby_on_rails: Implement pagination or limit the number of records retrieved in a single request to avoid large responses that can degrade performance.
  • Next_js: Implement server-side pagination or streaming to handle large datasets efficiently, and consider compressing responses with gzip or Brotli.
  • Laravel: Implement pagination or limit the number of items returned in a single request to reduce response size in Laravel.
  • Express_js: Implement pagination or limit the size of responses to avoid sending excessively large payloads. Use stream processing if dealing with large datasets.
  • Django: Implement pagination or limit the size of the response by using Django's QuerySet slicing. For example, use `MyModel.objects.all()[:100]` to limit the response to the first 100 records.
  • Symfony: In Symfony, to handle very large responses, consider using the StreamedResponse feature. This allows you to stream the response back to the client in smaller chunks, reducing memory usage and improving performance for large datasets.
  • Spring_boot: Implement pagination or limit the size of the response using Spring Data's Pageable interface to prevent excessively large data transfers.
  • Flask: Implement pagination or limit the size of responses by using Flask's request.args to retrieve query parameters and slicing query results accordingly.
  • Nuxt: Implement pagination or limit the number of items returned in a single request to reduce response size in Nuxt.js applications.
  • Fastapi: Implement pagination or limit the size of responses by using query parameters to restrict the amount of data returned in a single request within the FastAPI application.
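The framework entries above all come down to the same three controls: parse the client's page parameters, clamp them to a server-side maximum so a client cannot request an unbounded page, and refuse to emit a body that exceeds a byte threshold. The following framework-agnostic Python example is added here to show those controls together; it is not Escape's code or any of the listed frameworks' code. The function names (`parse_page_params`, `paginate`, `encode_bounded`, `handle_request`), the limits (`MAX_LIMIT`, `MAX_RESPONSE_BYTES`) and the sample `RECORDS` are all assumptions constructed for the example.

```python
import json

# Server-side bounds (assumed values for the example; tune per endpoint).
DEFAULT_LIMIT = 20
MAX_LIMIT = 100                 # hard cap on rows per page, whatever the client asks for
MAX_RESPONSE_BYTES = 64 * 1024  # hard cap on the serialized body

# Constructed sample data standing in for a database table.
RECORDS = [{"id": i, "name": f"user-{i}"} for i in range(250)]


class ResponseTooLarge(Exception):
    """Raised when a serialized response exceeds the configured byte budget."""


def parse_page_params(args, default_limit=DEFAULT_LIMIT, max_limit=MAX_LIMIT):
    """Read ?limit=&offset= from a query-parameter mapping and clamp them.

    Non-numeric or missing values fall back to defaults; limit is forced into
    [1, max_limit] and offset into [0, inf) so a client can neither request an
    unbounded page nor slice with a negative index.
    """
    def _int(name, default):
        raw = args.get(name)
        if raw is None:
            return default
        try:
            return int(raw)
        except (TypeError, ValueError):
            return default

    limit = max(1, min(_int("limit", default_limit), max_limit))
    offset = max(0, _int("offset", 0))
    return limit, offset


def paginate(records, limit, offset):
    """Return one page plus the metadata a client needs to fetch the next one."""
    total = len(records)
    items = records[offset:offset + limit]
    end = offset + len(items)
    return {
        "items": items,
        "offset": offset,
        "limit": limit,
        "total": total,
        # None signals the last page; otherwise the offset to request next.
        "next_offset": end if end < total else None,
    }


def encode_bounded(payload, max_bytes=MAX_RESPONSE_BYTES):
    """Serialize to compact JSON and refuse bodies over the byte budget.

    This is the last line of defence: even if pagination is misconfigured for
    some endpoint, no single response larger than max_bytes leaves the server.
    """
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    if len(body) > max_bytes:
        raise ResponseTooLarge(f"{len(body)} bytes exceeds budget of {max_bytes}")
    return body


def handle_request(args, records=RECORDS):
    """Glue the three controls together for a list endpoint."""
    limit, offset = parse_page_params(args)
    page = paginate(records, limit, offset)
    return encode_bounded(page)


if __name__ == "__main__":
    # A client asking for 5000 rows is silently clamped to MAX_LIMIT.
    print(handle_request({"limit": "5000"})[:80], "...")
    # Walking the collection page by page until next_offset is None.
    offset = 0
    while offset is not None:
        page = paginate(RECORDS, MAX_LIMIT, offset)
        print(f"offset={offset} items={len(page['items'])} next={page['next_offset']}")
        offset = page["next_offset"]
```

In a real service `parse_page_params` would receive the framework's query-parameter object (Flask's `request.args`, FastAPI's query parameters, and so on) and `encode_bounded` would sit where the response body is built; the clamp on `limit` is what prevents a single request from pulling the whole table, and the byte budget is what this check measures against its `threshold` option.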

Configuration

Identifier: resource_limitation/response_size

Options

  • threshold : Minimum size before raising an alert

Examples

Ignore this check

checks:
  resource_limitation/response_size:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API7:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.14.1
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 400

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVSS_SCORE: 3.7