Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)
Unrestricted Resource Consumption (API4:2023) is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service (DoS) and resource abuse. But despite being just one category, attackers can exploit it in many different ways; from large file uploads and expensive GraphQL queries to abuse of metered third-party services like [...]
