How does Edgescan perform testing for lack of resources and rate limiting?
Edgescan includes rate limiting tests in all API testing.
Version Number: v1.0.1
Published Date: 9 Apr 2024
____________________________________________________________________________
Resource and rate limiting is performed as one of the final stages of the scan in which case a PUT or POST request is detected and the request is issued with a short delay a specific number of times to view the response if a restriction or block happens. We do not perform a lack of resource test as this performs a denial of service by exceeding the API’s processing speed and draining the resources creating a clog, this is commonly abused by malicious users using archived files to create a ZIP bomb. On request, it is possible for Edgescan to test this, but a UAT/preprod environment is recommended.