Resource Limitation: Response size
Identifier: response_size
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Applications that send back much larger responses than intended strain both servers and clients, and can enable denial-of-service attacks in which an attacker deliberately triggers oversized responses to exhaust resources.
How we test: We monitor the size of responses returned by API endpoints and flag any response that exceeds the configured limit. We check whether the application validates input (for example, requested page sizes) and enforces a response size limit, so that it cannot be driven into resource exhaustion.
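The following is an added example, not part of this documentation page or of the scanner itself. It shows the two halves of what this test looks for: a size check that compares each response body (or its Content-Length header, when present) against a `max_length` limit, and the server-side mitigation, which is to clamp client-controlled page sizes so no request can produce an unbounded response. The endpoints, response bodies and the `MAX_PAGE_SIZE` value are constructed for the example.

```python
import json
from dataclasses import dataclass

# Constructed sample responses, keyed by endpoint. The second one imitates an
# API that honours an unbounded page_size parameter and returns a huge body.
SAMPLE_RESPONSES = {
    "/api/users?page=1": json.dumps(
        [{"id": i, "name": f"user{i}"} for i in range(50)]).encode(),
    "/api/users?page_size=100000": json.dumps(
        [{"id": i, "name": f"user{i}"} for i in range(100000)]).encode(),
    "/graphql": json.dumps(
        {"data": {"users": [{"id": i} for i in range(20)]}}).encode(),
}


@dataclass
class Finding:
    endpoint: str
    size: int        # observed body size in bytes
    max_length: int  # the configured limit that was exceeded


def exceeds_by_header(headers, max_length):
    """Cheap pre-check: if the server sends Content-Length, decide from the
    header alone before downloading the body. Returns None when unknown."""
    value = headers.get("Content-Length") or headers.get("content-length")
    if value is None:
        return None
    try:
        return int(value) > max_length
    except ValueError:
        return None


def check_response_size(responses, max_length):
    """Return a Finding for every response whose body exceeds max_length bytes.
    Mirrors the scanner's max_length parameter (assumed semantics)."""
    findings = []
    for endpoint, body in responses.items():
        size = len(body)
        if size > max_length:
            findings.append(Finding(endpoint, size, max_length))
    return findings


# --- Mitigation on the application side ------------------------------------

MAX_PAGE_SIZE = 100  # constructed upper bound for a single page of results


def clamp_page_size(requested, default=20, maximum=MAX_PAGE_SIZE):
    """Validate a client-supplied page size: non-numeric or non-positive
    values fall back to the default, anything larger is capped at maximum."""
    try:
        n = int(requested)
    except (TypeError, ValueError):
        return default
    if n < 1:
        return default
    return min(n, maximum)


def paginated_users(page_size_param):
    """Hardened handler: the response size is bounded regardless of input."""
    size = clamp_page_size(page_size_param)
    return json.dumps([{"id": i, "name": f"user{i}"} for i in range(size)]).encode()


if __name__ == "__main__":
    for f in check_response_size(SAMPLE_RESPONSES, max_length=100_000):
        print(f"{f.endpoint}: {f.size} bytes > limit {f.max_length}")
    print("hardened handler returns", len(paginated_users("100000")), "bytes")
```

Running the script reports only the unbounded `page_size` endpoint as exceeding a 100 KB limit, while the hardened handler stays well under it even when asked for 100000 records.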
Configuration
Example
Example configuration:
Reference
max_length
Type: integer
The maximum length of the response in bytes.
skip
Type: boolean
Skip the test if true.