Security Test: Resource limiting bypass
Description
Default Severity:
Resource limiting bypass happens when an endpoint lets a client request more data than it should, usually because there is no check on the maximum allowed. If someone deliberately requests huge amounts of data, the request can overwhelm the system, slow it down, or crash the server, leading to a denial of service. Developers often forget to set explicit limits, or rely on pagination whose page size has no upper bound. Without such limits, the system becomes easy prey for attackers aiming to exhaust resources and disrupt the service.
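As an added illustration (not code from the original page or from the tool it documents), the following shows a pagination parser that trusts the client's `limit` value next to one that clamps it to a server-side maximum; the parameter names, the limits and the sample dataset are assumptions.

```python
# Added example: an unbounded pagination parser (the defect this test
# flags) beside a hardened version that enforces an upper bound.
# MAX_PAGE_SIZE, the parameter names and SAMPLE_DATA are assumptions.
from dataclasses import dataclass

MAX_PAGE_SIZE = 100        # server-side ceiling the client cannot exceed (assumed)
DEFAULT_PAGE_SIZE = 20


@dataclass
class Page:
    offset: int
    limit: int


def parse_page_unbounded(params: dict) -> Page:
    """Vulnerable: honours 'limit' as given, so the whole table can be pulled."""
    offset = int(params.get("offset", 0))
    limit = int(params.get("limit", DEFAULT_PAGE_SIZE))
    return Page(offset=offset, limit=limit)


def parse_page_bounded(params: dict) -> Page:
    """Hardened: validates both values, then clamps 'limit' before any query runs."""
    try:
        offset = int(params.get("offset", 0))
        limit = int(params.get("limit", DEFAULT_PAGE_SIZE))
    except (TypeError, ValueError):
        raise ValueError("offset and limit must be integers")
    if offset < 0 or limit < 1:
        raise ValueError("offset must be >= 0 and limit >= 1")
    # Clamp rather than reject so well-behaved clients keep working;
    # the server-side maximum is what actually bounds the work done.
    return Page(offset=offset, limit=min(limit, MAX_PAGE_SIZE))


def fetch_items(page: Page, dataset: list) -> list:
    """Simulated backing store: the slice size is what the limit controls."""
    return dataset[page.offset:page.offset + page.limit]


# Constructed sample data: 5,000 records standing in for a large table.
SAMPLE_DATA = list(range(5000))

if __name__ == "__main__":
    req = {"limit": "1000000"}
    print(len(fetch_items(parse_page_unbounded(req), SAMPLE_DATA)))  # 5000: entire table
    print(len(fetch_items(parse_page_bounded(req), SAMPLE_DATA)))    # 100: capped
```

The same clamp belongs on every other client-controlled size parameter (batch sizes, GraphQL `first`/`last`, date ranges), since the test exercises whichever one the endpoint exposes.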
Configuration
Identifier:
resource_limitation/resource_limiting_bypass
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API4:2023 |
| OWASP LLM Top 10 | LLM04:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-44 |
| FedRAMP | SC-5 |
| CWE | 770 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| CVSS Score | 5.3 |