OWASP Insufficient Attack Protection

September 10th, 2022

Insufficient Attack Protection

We must always assume that attackers have unlimited access to other machines behind the firewall.

 

pattern: track illegitimate requests by their origin

pattern: log bad requests by source principal

pattern: use API Gateways to block callers by API key

pattern: use API Gateways to throttle request rate by API key
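
The four patterns above combined in one in-process sketch, as an added example that is not from the original post. The `GatewayGuard` class, its `admit` and `record_bad` hooks, the thresholds and the sample traffic are all constructed for illustration; a real API gateway would provide its own equivalents.

```python
import logging
from collections import defaultdict, deque

log = logging.getLogger("gateway.guard")

class GatewayGuard:
    """Hypothetical gateway hook: throttle and block per API key, track bad requests."""
    def __init__(self, rate=5.0, burst=5, bad_limit=3, bad_window=60.0):
        self.rate, self.burst = rate, burst      # refill in tokens/second, bucket size
        self.bad_limit, self.bad_window = bad_limit, bad_window
        self.buckets = {}                        # api_key -> (tokens, last_seen)
        self.bad = defaultdict(deque)            # api_key -> times of bad requests
        self.blocked = set()                     # API keys refused outright

    def admit(self, api_key, now):
        """Return 'blocked', 'throttled' or 'ok' for a request arriving at `now`."""
        if api_key in self.blocked:
            return "blocked"
        tokens, last = self.buckets.get(api_key, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[api_key] = (tokens - 1.0 if allowed else tokens, now)
        return "ok" if allowed else "throttled"

    def record_bad(self, api_key, source_ip, reason, now):
        """Log by principal and origin; block the key once it hits the limit."""
        # %r escapes control characters so caller-supplied values cannot forge log lines
        log.warning("bad request key=%r ip=%r reason=%r", api_key, source_ip, reason)
        seen = self.bad[api_key]
        seen.append(now)
        while seen and now - seen[0] > self.bad_window:
            seen.popleft()                       # keep only the sliding window
        if len(seen) >= self.bad_limit:
            self.blocked.add(api_key)
        return api_key in self.blocked

def demo():
    """Replay constructed traffic: (time, api_key, source_ip, is_bad)."""
    guard = GatewayGuard(rate=1.0, burst=2, bad_limit=2, bad_window=60.0)
    traffic = [(0.0, "key-a", "198.51.100.7", False), (0.1, "key-a", "198.51.100.7", False),
               (0.2, "key-a", "198.51.100.7", False), (1.0, "key-b", "203.0.113.9", True),
               (2.0, "key-b", "203.0.113.9", True), (3.0, "key-b", "203.0.113.9", False)]
    out = []
    for now, key, ip, is_bad in traffic:
        decision = guard.admit(key, now)
        if decision == "ok" and is_bad:          # e.g. failed validation downstream
            guard.record_bad(key, ip, "malformed payload", now)
        out.append((key, decision))
    return out
```

The throttle state and the block list are keyed on the API key, so one noisy caller is slowed or cut off without affecting others, while the source IP is kept in the log for correlating origins.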

 

(src:

 
