
Resource Limitation: Security timeout

Identifier: timeout

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Applications without proper timeout limits can be exploited by attackers who send heavy or complex requests that tie up server resources and can deny service to legitimate users.

How we test: We send requests designed to trigger timeouts, such as complex GraphQL queries or resource-intensive operations. We analyze response times and server behavior to detect whether timeout limits are missing or too generous, which could allow denial-of-service attacks.
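The following is an added example, not part of the scanner or of any project described on this page. It shows the server-side fix this test is looking for: a per-request execution budget that a GraphQL-style resolver checks between steps, so a request that would otherwise run unbounded is cut off and answered with a controlled error. The resolver, the "work item" list, and the per-step cost are hypothetical stand-ins for nested field resolution or a slow backend call.

```python
"""Per-request execution deadline for a GraphQL-style resolver (added example).

Assumptions (hypothetical, not from the page): `resolve` walks a list of work
items, each costing `step_cost_s` of wall-clock time, which stands in for nested
field resolution or a slow upstream call.  Without a deadline the request runs
until every item is processed; with one it is aborted as soon as the budget is
spent and the HTTP layer returns an error instead of hanging.
"""
import time
from dataclasses import dataclass, field


class RequestTimeout(Exception):
    """Raised when a request exceeds its execution budget."""


@dataclass
class Deadline:
    """Wall-clock budget for one request, measured with a monotonic clock."""
    budget_s: float
    started: float = field(default_factory=time.monotonic)

    def remaining(self) -> float:
        return self.budget_s - (time.monotonic() - self.started)

    def check(self) -> None:
        """Cooperative check: call before each unit of expensive work."""
        if self.remaining() <= 0:
            raise RequestTimeout(f"exceeded {self.budget_s:.3f}s budget")


def resolve(items, step_cost_s, deadline=None):
    """Hypothetical resolver. deadline=None is the vulnerable configuration:
    the request runs to completion no matter how many items it carries."""
    out = []
    for item in items:
        if deadline is not None:
            deadline.check()
        time.sleep(step_cost_s)  # stand-in for a slow database or upstream call
        out.append(item * 2)
    return out


def handle(items, step_cost_s, budget_s=None):
    """Return (status, body) as an HTTP layer would: 200 with data, or 503
    with an error document and no partial result once the budget is spent."""
    deadline = Deadline(budget_s) if budget_s is not None else None
    try:
        return 200, {"data": resolve(items, step_cost_s, deadline)}
    except RequestTimeout as exc:
        return 503, {"errors": [{"message": "request timed out", "detail": str(exc)}]}


if __name__ == "__main__":
    # Constructed inputs: a small request and an oversized one.
    print(handle([1, 2, 3], 0.0, budget_s=1.0))
    print(handle(list(range(50)), 0.01, budget_s=0.05))
```

The cooperative check only helps where the work loop is your own code; for blocking I/O the same budget has to be passed down as a client or socket timeout, and a server- or proxy-level request timeout should back it up so a single slow resolver cannot hold a worker indefinitely.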

References:

Configuration

Example

Example configuration:

---
security_tests:
  timeout:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.