The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.
API security anti-pattern for Lack of Resources & Rate Limiting
Sometimes APIs are published without enforcing limitations on the rate of access per user or per client/app. Such APIs may have poor performance and are susceptible to Denial of Service (DoS) attacks and brute-force attacks on the authentication.
Want to learn more?
- Part 1 Broken Object Level Authorization
- Part 2 Broken User Authentication
- Part 3 Excessive Data Exposure
- Part 4 Lack of Resources & Rate Limiting
Check out the complete OWASP API security paper. To secure access to your APIs, learn more about the OAuth in the OAuth Book, or the OAuth Course. To provide and use identity data in apps and APIs, learn more about OpenID
Also published on Medium.