Missing Rate Limiting

Unlimited requests to sensitive endpoints enable brute-force and automation attacks.

What it is

Missing Rate Limiting occurs when applications fail to restrict repeated requests to sensitive endpoints like login, password reset, or resource-intensive APIs.

Why it matters

It enables brute-force attacks, credential stuffing, scripted abuse, and resource exhaustion because attackers can run unlimited attempts without friction.

How to reduce risk

  • Apply both global and endpoint-specific limits with clear enforcement actions
  • Monitor traffic patterns for anomalies at the network, user, and token level
  • Combine throttling with CAPTCHA, MFA, or risk scoring for sensitive flows
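
As an added illustration of the first point (not code from this glossary), the sketch below layers a global per-client limit with tighter endpoint-specific limits, keyed by both source IP and target account. The limit values, endpoint paths, and in-process store are assumptions; a multi-instance deployment would need a shared store.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration: (max requests, window in seconds)
GLOBAL_LIMIT = (100, 60)                 # per client IP, across all endpoints
ENDPOINT_LIMITS = {                      # tighter limits for sensitive endpoints
    "/login": (5, 60),
    "/password-reset": (3, 3600),
}

class SlidingWindowLimiter:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.hits = defaultdict(deque)   # key -> timestamps of accepted requests

    def _retry_after(self, key, limit, window, now):
        q = self.hits[key]
        while q and q[0] <= now - window:    # drop hits that left the window
            q.popleft()
        if len(q) < limit:
            return 0.0
        return q[0] + window - now           # time until the oldest hit expires

    def check(self, client_ip, endpoint, account=None):
        """Return (allowed, retry_after_seconds) for one incoming request."""
        now = self.clock()
        rules = [(("global", client_ip), *GLOBAL_LIMIT)]
        if endpoint in ENDPOINT_LIMITS:
            limit, window = ENDPOINT_LIMITS[endpoint]
            rules.append(((endpoint, "ip", client_ip), limit, window))
            if account is not None:
                # Per-account key still applies when attempts come from many IPs
                rules.append(((endpoint, "account", account), limit, window))
        wait = max(self._retry_after(k, l, w, now) for k, l, w in rules)
        if wait > 0:
            # Enforcement action: caller answers HTTP 429 with Retry-After
            return False, wait
        for key, _, _ in rules:              # count only accepted requests
            self.hits[key].append(now)
        return True, 0.0
```

Per-account throttling also slows the legitimate owner of a targeted account, which is one reason to pair it with CAPTCHA, MFA, or risk scoring instead of relying on hard lockouts alone.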

Related Terms: API Rate Limiting Bypass, Credential Stuffing, Brute-Force Attack
