Unrestricted Resource Consumption

Unrestricted Resource Consumption occurs when APIs allow excessive use of computational, storage, or network resources without adequate limits, enabling attackers to degrade performance or cause denial-of-service.

Remediation

Implement strict rate limiting, request throttling, and concurrency controls on all API endpoints.
Define and enforce payload size limits, pagination, and timeouts for resource-intensive operations.
Monitor and alert on abnormal usage patterns; automatically block or slow abusive clients.
Use quotas and tiered service plans to cap maximum allowable resource usage per client.

Metadata

Severity: medium
Slug: unrestricted-resource-consumption

CWEs

770: Allocation of Resources Without Limits or Throttling
307: Improper Restriction of Excessive Authentication Attempts
400: Uncontrolled Resource Consumption

OWASP

A05:2021: Security Misconfiguration
API4:2023: Unrestricted Resource Consumption

Available Labs

Open Openapi labs in SecDim Play for this vulnerability.

easy

Evil API.api

Other Easy OpenAPI New Signature

easy

DoS.api

Other Easy OpenAPI Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.