Unrestricted Resource Consumption

Unrestricted Resource Consumption occurs when APIs allow excessive use of computational, storage, or network resources without adequate limits, enabling attackers to degrade performance or cause denial-of-service.

Remediation

Implement strict rate limiting, request throttling, and concurrency controls on all API endpoints.
Define and enforce payload size limits, pagination, and timeouts for resource-intensive operations.
Monitor and alert on abnormal usage patterns; automatically block or slow abusive clients.
Use quotas and tiered service plans to cap maximum allowable resource usage per client.

Metadata

Severity: medium
Slug: unrestricted-resource-consumption

CWEs

770: Allocation of Resources Without Limits or Throttling
307: Improper Restriction of Excessive Authentication Attempts
400: Uncontrolled Resource Consumption

OWASP

A05:2021: Security Misconfiguration
API4:2023: Unrestricted Resource Consumption

Available Labs

Select a language to explore available labs for this vulnerability.

2 Labs

Openapi Labs

Openapi 2 labs

Explore 2 labs in Openapi.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.