OWASP Insufficient Attack Protection

September 10th, 2022

Insufficient Attack Protection

We must always assume that attackers have unlimited access to other machines behind the firewall.


pattern: track illegitimate requests by their origin

pattern: log bad requests by source principal

pattern: use API Gateways to block callers by API key

pattern: use API Gateways to throttle request rate by API key
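The four patterns above can be combined in one gateway-side guard. The following is an added example, not code from the original post: `ApiKeyGuard`, its parameters, the key names and the IP addresses are hypothetical and the inputs are constructed. It keys every decision on the API key and only records the source address, since a request arriving from behind the firewall earns no extra trust.

```python
import time
from collections import defaultdict

class ApiKeyGuard:
    """Hypothetical gateway guard: throttle and block by API key, log by principal."""

    def __init__(self, rate=5.0, burst=10, max_bad=3, clock=time.monotonic):
        self.rate, self.burst, self.max_bad, self.clock = rate, burst, max_bad, clock
        self.buckets = {}            # api_key -> (tokens, time of last refill)
        self.bad = defaultdict(int)  # api_key -> count of illegitimate requests
        self.blocked = set()         # API keys the gateway refuses outright
        self.audit = []              # (timestamp, api_key, source_ip, reason)

    def record_bad(self, api_key, source_ip, reason):
        """Log an illegitimate request by principal and origin; block repeat offenders."""
        self.audit.append((self.clock(), api_key, source_ip, reason))
        self.bad[api_key] += 1
        if self.bad[api_key] >= self.max_bad:
            self.blocked.add(api_key)

    def check(self, api_key, source_ip):
        """Return 200 (allow), 403 (blocked key) or 429 (throttled)."""
        now = self.clock()
        if api_key in self.blocked:
            self.audit.append((now, api_key, source_ip, "blocked-key"))
            return 403
        # Token bucket per API key: refill at `rate` per second, capped at `burst`.
        tokens, last = self.buckets.get(api_key, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[api_key] = (tokens, now)
            self.audit.append((now, api_key, source_ip, "rate-limited"))
            return 429
        self.buckets[api_key] = (tokens - 1, now)
        return 200

def demo():
    """Constructed traffic: key-A bursts, key-B sends malformed requests."""
    t = [0.0]  # fake clock so the run is deterministic
    g = ApiKeyGuard(rate=1.0, burst=2, max_bad=2, clock=lambda: t[0])
    results = [g.check("key-A", "10.0.0.5") for _ in range(3)]
    t[0] = 1.0  # one second later the bucket has refilled one token
    results.append(g.check("key-A", "10.0.0.5"))
    for _ in range(2):
        g.record_bad("key-B", "10.0.0.9", "malformed-payload")
    results.append(g.check("key-B", "10.0.0.9"))
    return results, g

if __name__ == "__main__":
    print(demo()[0])
```
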



