OWASP Insufficient Attack Protection

Insufficient Attack Protection

We must always assume that attackers have unlimited access to other machines behind the firewall.

pattern: track illegitimate requests by their origin pattern: log bad requests by source principal pattern: use API Gateways to block callers by API key pattern: use API Gateways to throttle request rate by API key

(src:

• Model: OWASP top 10
• Book: release it! - Michael Nygard)

Backlinks

• Model: OWASP top 10