LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is API4 Unrestricted Resource Consumption?

Without rate limits or size caps, a client can exhaust the API's resources — flooding it for a denial of service, or running up a huge cloud bill in pay-per-use environments.

Example: an endpoint that resizes uploaded images has no limit on file size or request rate. An attacker scripts thousands of uploads of 50 MB images; the server's CPU and memory are pinned resizing them (DoS), and if it auto-scales, the owner gets a four-figure cloud bill overnight. The risk is specifically resource exhaustion (CPU, memory, bandwidth, money), which is why the countermeasures are quotas, rate limits, max payload sizes, and spending alerts.

Issues:

  • DoS attacks - overwhelming the API
  • Unnecessary costs - especially in cloud/pay-per-use environments

Countermeasures:

  • Define limits (rate limiting, quotas)
  • Enforce maximum data size for requests/responses
  • Scale where needed but within budget
  • Validate input to prevent resource-intensive operations
  • Spending limits/alerts for cloud resources

From Quiz: SPRG / OWASP Top 10 | Updated: Jun 20, 2026