# Resource Limitation: Resource limiting bypass

Identifier: `resource_limiting_bypass`
## Scanner(s) Support

| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
## Description

Resource limiting bypass occurs when an endpoint lets a client request more data than it should, usually because there is no check on the maximum amount allowed. A client that deliberately requests very large amounts of data can overwhelm your system, slow it down, or even crash the server, leading to a denial of service. The usual cause is that developers forget to set explicit limits, or rely on pagination without an upper bound on the page size. Without such limits, your system becomes easy prey for attackers aiming to exhaust its resources and disrupt your service.
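To make the failure mode concrete, here is an added Python example (not part of this page or the scanner's own code). It shows a paginated list handler that trusts a client-supplied `limit` with no upper bound beside a hardened version that validates and clamps the pagination parameters. The `MAX_PAGE_SIZE` value, the `RECORDS` data set and the handler names are constructed for illustration and are assumptions, not values from the page.

```python
# Added example: unbounded vs. bounded pagination on a list endpoint.
# Constructed for illustration; not the scanner's code.
from dataclasses import dataclass

MAX_PAGE_SIZE = 100      # assumed server-side ceiling on page size
DEFAULT_PAGE_SIZE = 20

# Constructed sample data set standing in for a database table.
RECORDS = [{"id": i} for i in range(10_000)]


def list_records_unbounded(params: dict) -> list:
    """Vulnerable: uses the client-supplied limit as-is.

    A request such as ?limit=1000000 makes the server load and serialize
    every record, which is the resource exhaustion this check looks for.
    """
    limit = int(params.get("limit", DEFAULT_PAGE_SIZE))
    offset = int(params.get("offset", 0))
    return RECORDS[offset:offset + limit]


@dataclass
class PageParams:
    limit: int
    offset: int


def parse_page_params(params: dict, max_page_size: int = MAX_PAGE_SIZE) -> PageParams:
    """Hardened: validate types and ranges, then clamp limit to a server ceiling."""
    try:
        limit = int(params.get("limit", DEFAULT_PAGE_SIZE))
        offset = int(params.get("offset", 0))
    except (TypeError, ValueError):
        raise ValueError("limit and offset must be integers")
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset must be >= 0")
    # Clamp instead of trusting the client: oversized requests get the maximum page.
    limit = min(limit, max_page_size)
    return PageParams(limit=limit, offset=offset)


def list_records_bounded(params: dict) -> list:
    """Hardened handler: page size can never exceed MAX_PAGE_SIZE."""
    page = parse_page_params(params)
    return RECORDS[page.offset:page.offset + page.limit]


if __name__ == "__main__":
    oversized = {"limit": "1000000"}
    print("unbounded returns", len(list_records_unbounded(oversized)), "records")
    print("bounded returns", len(list_records_bounded(oversized)), "records")
```

Clamping is one policy; rejecting an out-of-range `limit` with a 400 response is equally valid and makes the ceiling visible to API clients. Either way the bound must be enforced on the server, and the same reasoning applies to GraphQL list arguments such as `first` and to nested collections, where a per-field bound alone does not cap the total size of the response.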
## Configuration

### Example

Example configuration:
## Reference

### assets_allowed

Type: `List[AssetType]`

List of assets that this check will cover.

### skip

Type: `boolean`

Skip the test if true.