Resource Limitation: Security timeout¶

Identifier: frontend_timeout

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

When an application does not set suitable limits on how long a request can run, attackers can purposely send heavy or complex requests that take too long to process, tying up resources and potentially denying service to legitimate users. This issue usually happens when developers rely on arbitrary timeout thresholds that dont necessarily match the real-world demands of the application, leading to a situation where even a single carefully crafted query can slow down or temporarily incapacitate the service. Being unaware of proper timeout settings or defaulting to ones that are too generous is a common pitfall, and it leaves the system open to abuse and performance degradation.

References:

https://medium.com/workflowgen/graphql-query-timeout-and-complexity-management-fab4d7315d8d

Configuration¶

Example¶

Example configuration:

---
security_tests:
  frontend_timeout:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.