
Resource Limitation: Pagination missing

Identifier: pagination_missing

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

APIs returning too much data at once without pagination can overwhelm clients and servers, potentially enabling denial-of-service attacks or exposing more sensitive data than necessary.

How we test: We analyze API responses to detect if pagination is missing by checking if endpoints return unbounded datasets. We verify if APIs properly implement pagination limits and if responses are restricted to reasonable data sizes.
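
Example remediation (added here for illustration, not code from the scanner or its vendor): a list endpoint that clamps client-supplied paging parameters so that no request can return an unbounded dataset. The names `paginate`, `DEFAULT_LIMIT`, `MAX_LIMIT` and the `USERS` sample data are assumptions made for this example.

```python
from typing import Any, Optional, Sequence

DEFAULT_LIMIT = 20   # assumed page size when the client sends none
MAX_LIMIT = 100      # assumed hard ceiling, whatever the client asks for


def parse_int(raw: Optional[str], default: int) -> int:
    """Parse a query-string integer; fall back to the default on junk."""
    try:
        return int(raw) if raw is not None else default
    except ValueError:
        return default


def paginate(rows: Sequence[Any], raw_limit: Optional[str] = None,
             raw_offset: Optional[str] = None) -> dict:
    """Return one bounded page of rows plus the offset of the next page."""
    limit = parse_int(raw_limit, DEFAULT_LIMIT)
    offset = parse_int(raw_offset, 0)
    # Clamp instead of trusting the client: limit=0, negative values and
    # limit=1000000 all end up inside [1, MAX_LIMIT].
    limit = max(1, min(limit, MAX_LIMIT))
    offset = max(0, offset)
    # With a real database this slice would be a LIMIT/OFFSET (or cursor)
    # query, so the full table is never loaded into memory.
    page = list(rows[offset:offset + limit])
    next_offset = offset + limit if offset + limit < len(rows) else None
    return {"items": page, "limit": limit, "offset": offset,
            "next_offset": next_offset}


# Constructed sample data standing in for a database table.
USERS = [{"id": i, "name": f"user{i}"} for i in range(1, 251)]

if __name__ == "__main__":
    first = paginate(USERS)                         # no parameters at all
    greedy = paginate(USERS, raw_limit="1000000")   # client asks for everything
    print(len(first["items"]), len(greedy["items"]), greedy["next_offset"])
```

The ceiling is enforced on the server, so omitting the parameters or sending an oversized `limit` still yields a bounded response.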


Configuration

Example

Example configuration:

---
security_tests:
  pagination_missing:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.