Introduction to the API4:2019 – Lack of Resource and Rate Limiting Vulnerability

OWASP API4:2019 – Lack of resources and rate limiting

Nov 23, 2022

6 min read

Sudip Sengupta


An Application Programming Interface (API) is one of the core components of a modern application framework: it lets a software program use the capabilities of another program without requiring a deep understanding of the third-party software's implementation details. APIs also speed up app development by enabling quick access to cloud storage, following efficient application design patterns, and allowing developers to opt for high-performance SaaS hybrid models. However, ineffective integration practices and generic application-layer implementations often introduce security vulnerabilities that are easily exploited in the modern threat landscape.

This article discusses the API4:2019 Lack of Resources and Rate Limiting vulnerability, common attack scenarios, its impact on businesses, and remediation measures.

What is the Lack of Resources and Rate Limiting in Cyber Security?

Lack of Resources and Rate Limiting (API4:2019) is listed by the Open Web Application Security Project (OWASP) as one of the top 10 API security vulnerabilities. It occurs when developers fail to limit the size of objects, the number of inbound requests, and the access requests a single client (end user or service) can make to a client application. Malicious users can leverage a lack of resources and rate limiting in several attack scenarios that degrade API server performance. Exploiting the vulnerability, hackers can
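As an added illustration of the two controls the paragraph names (not code from the original article), the snippet below enforces a per-client token-bucket request limit together with caps on the client-supplied page size and request body size. The limit values, client id and clock injection are assumptions constructed for the example.

```python
import time

# Limits are constructed for this example; a real API tunes them per endpoint.
MAX_REQUESTS = 5       # burst size: tokens a client starts with
REFILL_PER_SEC = 1.0   # sustained rate: tokens restored per second
MAX_PAGE_SIZE = 100    # cap on a client-supplied page size / object count
MAX_BODY_BYTES = 1024  # cap on request body size


class ApiGuard:
    """Per-client token bucket plus caps on object count and body size."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock              # injectable for deterministic tests
        self.buckets = {}               # client id -> [tokens, last_refill]

    def _take_token(self, client: str) -> bool:
        now = self.clock()
        bucket = self.buckets.setdefault(client, [float(MAX_REQUESTS), now])
        # Refill in proportion to elapsed time, never above the burst size.
        bucket[0] = min(MAX_REQUESTS, bucket[0] + (now - bucket[1]) * REFILL_PER_SEC)
        bucket[1] = now
        if bucket[0] < 1:
            return False
        bucket[0] -= 1
        return True

    def check(self, client: str, page_size: int, body_len: int) -> tuple:
        """Return (HTTP status, reason) for one inbound request."""
        if body_len > MAX_BODY_BYTES:
            return 413, "body too large"
        if not 1 <= page_size <= MAX_PAGE_SIZE:
            return 400, "page size out of range"
        if not self._take_token(client):
            return 429, "rate limit exceeded"
        return 200, "ok"


def simulate() -> list:
    """Constructed burst from one client: 7 requests at once, 3 more after 2 s."""
    clock = [0.0]
    guard = ApiGuard(clock=lambda: clock[0])
    statuses = [guard.check("client-A", 20, 64)[0] for _ in range(7)]
    clock[0] = 2.0  # two seconds pass: two tokens are refilled
    statuses += [guard.check("client-A", 20, 64)[0] for _ in range(3)]
    return statuses


if __name__ == "__main__":
    print(simulate())  # [200, 200, 200, 200, 200, 429, 429, 200, 200, 429]
```

Without the bucket, all ten requests would be served, and without the size caps a single request could ask for an unbounded number of objects; the 429/413/400 responses are what a monitoring pipeline can alert on.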
