🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Unrestricted Resource Consumption

Unrestricted Resource Consumption occurs when APIs allow excessive use of computational, storage, or network resources without adequate limits, enabling attackers to degrade performance or cause denial-of-service.

Remediation

  • Implement strict rate limiting, request throttling, and concurrency controls on all API endpoints.
  • Define and enforce payload size limits, pagination, and timeouts for resource-intensive operations.
  • Monitor and alert on abnormal usage patterns; automatically block or slow abusive clients.
  • Use quotas and tiered service plans to cap maximum allowable resource usage per client.

Metadata

  • Severity: medium
  • Slug: unrestricted-resource-consumption

CWEs

  • 770: Allocation of Resources Without Limits or Throttling
  • 307: Improper Restriction of Excessive Authentication Attempts
  • 400: Uncontrolled Resource Consumption

OWASP

  • A05:2021: Security Misconfiguration
  • API4:2023: Unrestricted Resource Consumption

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.