API Unrestricted Resource Consumption
Reference
Plugin Id: 40057 | CWE: 770
Remediation
To mitigate Unrestricted Resource Consumption vulnerabilities, implement the following security measures:
- Resource Limits: Implement strict limits on resource consumption including CPU time, memory usage, and processing time per request.
- Request Size Limits: Set maximum limits on request payload sizes to prevent resource exhaustion through large requests.
- Timeout Controls: Implement appropriate timeout controls for API operations to prevent long-running requests from consuming resources.
- Monitoring and Alerting: Monitor resource consumption patterns and implement alerting for abnormal usage that may indicate attacks.
About
Unrestricted Resource Consumption occurs when APIs do not properly limit resource usage, allowing attackers to exhaust system resources through malicious requests. This corresponds to OWASP API Security Top 10 2023 - API04: Unrestricted Resource Consumption.
Risks
Unrestricted Resource Consumption can result in:
- Denial of Service (DoS) attacks
- System resource exhaustion and instability
- Increased operational costs
- Service degradation for legitimate users
- Potential system crashes and downtime