From the course: The OWASP API 2023 Top 10: An Overview
API4:2023 Unrestricted Resource Consumption
- [Instructor] Next on the OWASP API Security Top 10 is unrestricted resource consumption. Here's how OWASP describes it. Satisfying API requests requires resources such as network bandwidth, CPU, memory, and storage. Other resources, such as emails, SMS, phone calls, or biometric validation, are made available by service providers via API integrations and paid for per request. Successful attacks can lead to Denial of Service or an increase of operational costs. Now, I know that was a mouthful, but let's break it down. You see, just like other vulnerabilities, this vulnerability occurs when APIs don't have proper safeguards in place to limit how they're used or accessed. But what makes this a tough one is that there are several ways the API can be vulnerable. For example, your API may be vulnerable if just one of these limits is missing or misconfigured. These can be the maximum number of processes, the maximum allocable…
Contents
- API1:2023 Broken Object-Level Authorization (3m 39s)
- API2:2023 Broken Authentication (2m 54s)
- API3:2023 Broken Object-Property-Level Authorization (3m 46s)
- API4:2023 Unrestricted Resource Consumption (3m 9s)
- API5:2023 Broken Function-Level Authorization (3m 8s)
- API6:2023 Unrestricted Access to Sensitive Business Flows (2m 54s)
- API7:2023 Server-Side Request Forgery (2m 11s)
- API8:2023 Security Misconfigurations (3m 40s)
- API9:2023 Improper Inventory Management (3m 5s)
- API10:2023 Unsafe Consumption of APIs (3m 33s)