Deepshikha Paty
DI-ASM
What is Lack of Resources & Rate Limiting?
This happens when an API doesn't control:
- How many requests a client can make (per second, per minute, per day)
- Or how large each request can be (file size, request body length, string length, number of records returned per page)
So, an attacker can:
- Send tons of requests very fast, usually from a script rather than a browser
- Or upload huge files, or ask for enormous result sets
This slows down or crashes the system for everyone, which is called a Denial of Service (DoS) attack.
In this context, "lack of resources" means the server or application runs out of system resources (CPU, memory, disk, bandwidth, database connections) because the app never limits how many requests one client can make or how big each request can be. The resources are shared by all users, so one abusive client takes them away from the legitimate ones.
Example 1:
Lack of Resources: Overloading a Website
- Example: You notice that a website has no per-client request limit and not enough capacity to absorb heavy traffic. So, you send many requests to the site all at once (or a steady flood from a script), causing it to slow down or crash.
- How it Works: The website treats every request the same, whether it is the first or the ten-thousandth from the same client, so nothing stops one client from consuming the capacity meant for all users.
- Goal: Make the site unresponsive or crash it, preventing real users from accessing it.
Example 2:
Lack of Resources: Sending Big Files to Crash the Server
- Example: There's a file upload feature on a website with no maximum file size and no limit on how many files one account can upload. The server has limited storage, and you upload huge files repeatedly, filling up its disk and making it slow or unresponsive.
- How it Works: The server accepts and stores each file without checking its size first, so its storage (and the memory or bandwidth used while receiving the file) is exhausted, and it starts slowing down or crashing.
- Goal: Overload the server by consuming all its storage, making it impossible for others to upload files, and often breaking anything else on the server that needs disk space.
🎯 Why is it risky?
- The server gets overloaded
- It may stop working for real users
- Wastes money and computing resources (on cloud hosting, autoscaling can turn the flood into a large bill) and hurts brand image
✅ How to prevent this?
- Add Captcha to stop bots/scripts on endpoints that humans are expected to use
- Limit request rates per client (user, API key, or IP), e.g., 1 OTP per 2 minutes, and answer blocked requests with HTTP 429 and a Retry-After header
- Set size limits for data uploads (max file size, string length, maximum page size or number of records per request) and reject oversized requests before reading or storing them
- Alert when limits are crossed, so a flood is noticed while it is happening rather than after the outage
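The following is an added example (not code from the original page) showing how the rate limit, the size limit and the alerting from the list above fit together in a single check a request handler would call first. The class and function names (ResourceGuard, LimitDecision, simulate_burst) and the limits used are assumptions chosen for illustration; a sliding window of timestamps per client is used as the counting method.

```python
import time
from collections import deque
from dataclasses import dataclass, field


@dataclass
class LimitDecision:
    allowed: bool
    status: int          # HTTP status a handler would return: 200, 413 or 429
    retry_after: float   # seconds the client should wait before retrying (0 when allowed)


@dataclass
class ResourceGuard:
    """Per-client request-rate limit plus a request-size limit (hypothetical helper)."""
    max_requests: int        # requests allowed per client inside one window
    window_seconds: float    # length of the sliding window
    max_body_bytes: int      # largest request body accepted
    _hits: dict = field(default_factory=dict)   # client_id -> deque of request timestamps
    alerts: list = field(default_factory=list)  # records every crossed limit ("alert when limits are crossed")

    def check(self, client_id, body_bytes, now=None):
        """Decide whether one request from `client_id` may be served.

        `now` can be injected for deterministic tests; a real server uses time.monotonic().
        """
        now = time.monotonic() if now is None else now

        # 1. Size limit first: refuse before buffering or storing the body,
        #    so an oversized upload costs almost nothing to reject.
        if body_bytes > self.max_body_bytes:
            self._alert(client_id, now, f"body {body_bytes}B exceeds {self.max_body_bytes}B")
            return LimitDecision(False, 413, 0.0)

        # 2. Sliding-window rate limit: keep only timestamps still inside the window.
        q = self._hits.setdefault(client_id, deque())
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        if len(q) >= self.max_requests:
            # the oldest request in the window is the first one that will expire
            retry_after = self.window_seconds - (now - q[0])
            self._alert(client_id, now, f"{len(q)} requests in {self.window_seconds}s window")
            return LimitDecision(False, 429, retry_after)

        q.append(now)   # design choice: only served requests consume quota
        return LimitDecision(True, 200, 0.0)

    def _alert(self, client_id, now, detail):
        # In production this would go to a log pipeline or monitoring system.
        self.alerts.append(f"t={now:.0f} client={client_id}: {detail}")


def simulate_burst(guard, client_id, count, start=0.0, spacing=1.0, body_bytes=0):
    """Fire `count` requests `spacing` seconds apart; return (served, rejected)."""
    served = rejected = 0
    for i in range(count):
        decision = guard.check(client_id, body_bytes, now=start + i * spacing)
        if decision.allowed:
            served += 1
        else:
            rejected += 1
    return served, rejected


if __name__ == "__main__":
    # Constructed scenario: 5 requests per minute, 1 MB max body.
    guard = ResourceGuard(max_requests=5, window_seconds=60, max_body_bytes=1_000_000)
    print("burst of 8 from one client:", simulate_burst(guard, "10.0.0.1", 8))
    print("5 MB upload:", guard.check("10.0.0.2", 5_000_000, now=4.0))
    for line in guard.alerts:
        print("ALERT", line)
```

The limits are keyed per client, so a flood from one address does not block other users, and rejected requests are answered with 429 plus a Retry-After value instead of being queued, which is what keeps the server's own resources free. The "1 OTP per 2 minutes" rule from the list is just `ResourceGuard(max_requests=1, window_seconds=120, ...)` keyed on the account the OTP is sent to.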