Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Pentesting APIs

You're reading from   Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781837633166
Length 290 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Maurício Harley Maurício Harley
Author Profile Icon Maurício Harley
Maurício Harley
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Part 1: Introduction to API Security
2. Chapter 1: Understanding APIs and their Security Landscape FREE CHAPTER 3. Chapter 2: Setting Up the Penetration Testing Environment 4. Part 2: API Information Gathering and AuthN/AuthZ Testing
5. Chapter 3: API Reconnaissance and Information Gathering 6. Chapter 4: Authentication and Authorization Testing 7. Part 3: API Basic Attacks
8. Chapter 5: Injection Attacks and Validation Testing 9. Chapter 6: Error Handling and Exception Testing 10. Chapter 7: Denial of Service and Rate-Limiting Testing 11. Part 4: API Advanced Topics
12. Chapter 8: Data Exposure and Sensitive Information Leakage 13. Chapter 9: API Abuse and Business Logic Testing 14. Part 5: API Security Best Practices
15. Chapter 10: Secure Coding Practices for APIs 16. Index 17. Other Books You May Enjoy

Identifying rate-limiting mechanisms

You just learned several ways to trigger DoS attacks against an API endpoint. We even sent a trivial but powerful DDoS wave of packets that made our target unable to handle them feasibly. The first option to protect against such types of threats is rate-limiting the traffic, also called throttling. For more information, see the link in the Further reading section.

Identifying rate-limiting mechanisms within an API is an essential aspect of both security and usability assessments. Rate limiting is designed to prevent abuse by limiting the number of requests a user can make in each period. It helps mitigate various attacks, such as brute force or DDoS, by capping the action frequency. This is achieved by applying a policy. This policy ensures that servers are not overwhelmed by too many requests at once, which could degrade service for others or lead to server failure. Rate limiting can be based on several factors, including IP addresses, user...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at £16.99/month. Cancel anytime