How does Edgescan perform testing for lack of resources and rate limiting?
Edgescan includes rate limiting tests in all API testing.
Version Number: v1.0.1
Published Date: 9 Apr 2024
____________________________________________________________________________
Resource and rate limit testing is performed as one of the final stages of the scan. When a PUT or POST request is detected, the request is issued with a short delay a specific number of times to see whether the response shows a restriction or block. We do not perform a lack of resources test, because such a test performs a denial of service: it exceeds the API's processing speed and drains its resources, creating a clog. Malicious users commonly abuse this by using archived files to create a ZIP bomb. On request, it is possible for Edgescan to test this, but a UAT/preprod environment is recommended.
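The repeated-request check described above can be reproduced offline against a simulated endpoint. The following is an added example, not Edgescan's scanner code: the `FixedWindowApi` stand-in, the `probe_rate_limit` helper, and the limit, window, attempt count and delay values are all assumptions made for illustration.

```python
# Added illustration: not Edgescan's scanner code. The limit, window,
# attempt count and delay are assumed values chosen for the demo.
import math
from dataclasses import dataclass
from typing import Optional

BLOCK_STATUSES = {429}  # HTTP 429 Too Many Requests; other block signals vary by API


@dataclass
class FakeClock:
    now: float = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds  # advance simulated time so the demo runs instantly


@dataclass
class FixedWindowApi:
    """Constructed stand-in for a POST endpoint; limit=None disables limiting."""
    clock: FakeClock
    limit: Optional[int] = 5
    window: float = 1.0
    _start: float = 0.0
    _count: int = 0

    def post(self, body: dict) -> tuple:
        if self.clock.now - self._start >= self.window:
            self._start, self._count = self.clock.now, 0  # a new window begins
        self._count += 1
        if self.limit is not None and self._count > self.limit:
            wait = self.window - (self.clock.now - self._start)
            return 429, {"Retry-After": str(math.ceil(wait))}
        return 201, {}


def probe_rate_limit(api, clock, attempts: int = 10, delay: float = 0.05) -> dict:
    """Reissue one POST `attempts` times, `delay` apart, and report the first block."""
    statuses = []
    for n in range(1, attempts + 1):
        status, headers = api.post({"name": "probe"})
        statuses.append(status)
        if status in BLOCK_STATUSES:
            return {"limited": True, "blocked_at": n,
                    "retry_after": headers.get("Retry-After"), "statuses": statuses}
        clock.sleep(delay)
    return {"limited": False, "blocked_at": None, "retry_after": None, "statuses": statuses}
```

A probe that is slower than the limiter's window never trips it, so a "not limited" result only holds for the request rate that was actually tested.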