🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Lack of Rate Limiting

Without the use of rate limiting, an adversary can make numerous repetitive requests and quickly deplete the available resources. This can result in denial of service or large-scale information leakage.

Remediation

Considering the business context of the program, implement a rate limit on every exposed endpoint (e.g., REST, GraphQL, etc.).

Metadata

  • Severity: low
  • Slug: lack-of-rate-limiting

CWEs

  • 770: Allocation of Resources Without Limits or Throttling
  • 400: Uncontrolled Resource Consumption

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Open Java labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.