Protection against Denial of Service (DoS) scenarios by using rate limiting without using webMethods API Gateway

Issue:

The web application did not implement rate limiting and thus, was not protected against an attacker abusing the web application by sending an excessive amount of requests. Attackers can use this lack of protection to cause Denial of Service (DoS) scenarios, as well as to gather large amounts of data out of the web application or brute force login credentials.

Recommendation:

To remediate this issue, rate limiting should be implemented.

A limitation should be configured for the number of web requests per user per API resource within a specific period of time. For example, 10 requests to a specific API endpoint within 30 seconds may be considered appropriate.

By reducing the volume of API requests, the risk of abuse and the overuse of server resources can be reduced.

How can this be implemented without using webMethods API Gateway?
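
One way to enforce the recommended limit (10 requests per user per API resource within 30 seconds) in plain Java, shown as an added example that is not part of the original post and uses no webMethods API. The class, method names and the sample users and paths are hypothetical; it assumes the user identifier comes from the authenticated session rather than from a client-supplied header.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.ConcurrentHashMap;

public class SlidingWindowRateLimiter {
    private final int maxRequests;
    private final long windowMillis;
    // One queue of request timestamps per (user, resource) pair.
    private final ConcurrentHashMap<String, Deque<Long>> hits = new ConcurrentHashMap<>();

    public SlidingWindowRateLimiter(int maxRequests, long windowMillis) {
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
    }

    /** Returns 0 if the request is allowed, else the milliseconds to wait (usable for Retry-After). */
    public long check(String user, String resource, long nowMillis) {
        // Assumption: the separator character never occurs in user IDs or resource paths.
        String key = user + '\u0000' + resource;
        long[] retryAfter = {0};
        hits.compute(key, (k, q) -> {          // compute() is atomic per key
            if (q == null) q = new ArrayDeque<>();
            // Drop timestamps that have left the window.
            while (!q.isEmpty() && nowMillis - q.peekFirst() >= windowMillis) q.pollFirst();
            if (q.size() < maxRequests) q.addLast(nowMillis);   // allowed: record it
            else retryAfter[0] = q.peekFirst() + windowMillis - nowMillis; // rejected
            return q;
        });
        return retryAfter[0];
    }

    /** Call periodically so that entries for idle users do not accumulate in memory. */
    public void evictIdle(long nowMillis) {
        for (String key : hits.keySet())
            hits.computeIfPresent(key, (k, q) ->
                q.isEmpty() || nowMillis - q.peekLast() >= windowMillis ? null : q);
    }

    public static void main(String[] args) {
        SlidingWindowRateLimiter rl = new SlidingWindowRateLimiter(10, 30_000);
        long t = 0; // constructed timestamps, one request per second
        for (int i = 1; i <= 12; i++, t += 1_000)
            System.out.println("t=" + t + " alice /orders wait=" + rl.check("alice", "/orders", t));
        // A different user on the same resource has an independent budget.
        System.out.println("t=" + t + " bob /orders wait=" + rl.check("bob", "/orders", t));
        // Once the oldest request is 30 s old, alice is allowed again.
        System.out.println("t=30000 alice /orders wait=" + rl.check("alice", "/orders", 30_000));
    }
}
```

A non-zero return value maps to an HTTP 429 response with a `Retry-After` header. The counters live in one JVM, so a clustered deployment needs a shared store or enforcement at a reverse proxy or load balancer in front of the servers.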