Resource Limitation: Response size

Identifier: response_size

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

Sometimes an application sends back a much larger response than intended, which puts a strain on both the server and the client. This happens when inputs aren't properly validated or when there's no limit on how much data the server is allowed to return. It can slow down or even crash systems and opens the door to denial of service attacks, where attackers deliberately trigger these oversized responses to exhaust your resources. Developers often assume that, because they are returning data, bigger is better, and never put controls in place to cap response sizes or to detect unusual activity. This oversight can lead to unexpected system behavior and makes it easier for attackers to disrupt your services.
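To make the two halves of this description concrete, here is an added example (it is not the scanner's own code and not from this documentation). It contrasts a handler that trusts the client's `limit` parameter with one that clamps it to a server-side page size, and adds a small audit function that flags any response body larger than a threshold, which is the per-response check a scanner or logging middleware would apply. The dataset, the 100-record page ceiling and the 64 KiB threshold are all constructed for illustration.

```python
"""Response-size guard: an unbounded handler beside a paginated one, plus an
audit helper that flags oversized responses. Everything here (names, limits,
sample data) is constructed for this example."""
import json
from typing import Any, Dict, Optional

MAX_PAGE_SIZE = 100             # assumed server-side ceiling on records per response
MAX_RESPONSE_BYTES = 64 * 1024  # assumed audit threshold: flag bodies above 64 KiB

# Constructed sample dataset standing in for a database table.
USERS = [
    {"id": i, "name": f"user-{i}", "email": f"user-{i}@example.invalid"}
    for i in range(1, 5001)
]


def list_users_unbounded(requested_limit: int) -> bytes:
    """Weak pattern: the client's `limit` is trusted as-is, so a large value
    makes the server serialise the whole table into one response."""
    return json.dumps(USERS[:requested_limit]).encode()


def list_users_bounded(requested_limit: int, page: int = 0) -> bytes:
    """Hardened pattern: clamp the page size to MAX_PAGE_SIZE and page through
    the data, so a single response can never exceed a known size."""
    page_size = max(1, min(requested_limit, MAX_PAGE_SIZE))
    start = max(0, page) * page_size
    chunk = USERS[start:start + page_size]
    body = {
        "items": chunk,
        "page": page,
        "page_size": page_size,
        # None (JSON null) once the last page has been served.
        "next_page": page + 1 if start + page_size < len(USERS) else None,
    }
    return json.dumps(body).encode()


def audit_response(path: str, body: bytes,
                   limit: int = MAX_RESPONSE_BYTES) -> Optional[Dict[str, Any]]:
    """Detection side: return a finding when a response body exceeds `limit`,
    or None when the response is within bounds."""
    size = len(body)
    if size <= limit:
        return None
    return {
        "check": "response_size",
        "path": path,
        "bytes": size,
        "limit": limit,
        "ratio": round(size / limit, 1),
    }


if __name__ == "__main__":
    for name, body in (
        ("/users?limit=5000 (unbounded)", list_users_unbounded(5000)),
        ("/users?limit=5000 (bounded)", list_users_bounded(5000)),
    ):
        finding = audit_response(name, body)
        print(name, len(body), "bytes ->", "FLAGGED" if finding else "ok")
```

Running the script shows the unbounded handler producing a response several times the threshold while the bounded one stays well under it for the same request. In a real service the clamp belongs in the request-validation layer, and the audit check belongs wherever response sizes are already observable (an access-log pipeline or a response middleware), so that unusually large bodies show up as a signal rather than only as an outage.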

Configuration

Example

Example configuration:

---
security_tests:
  response_size:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.