CWE-410
Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Mitigation
Phase: Architecture and Design
Description:
- Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Mitigation
Phase: Architecture and Design
Description:
- Consider implementing a velocity check mechanism which would detect abusive behavior.
Mitigation
Phase: Operation
Description:
- Consider load balancing as an option to handle heavy loads.
Mitigation
Phase: Implementation
Description:
- Make sure that resource handles are properly closed when no longer needed.
Mitigation
Phase: Architecture and Design
Description:
- Identify the system's resource-intensive operations and consider protecting them from abuse (e.g., a malicious automated script that exhausts the resources).
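The following sketch combines three of the mitigations above: a velocity check, a per-client share of a fixed pool, and guaranteed release of handles. It is an added example, not part of the CWE entry; the class name `GuardedPool`, the exception names and all limits are assumptions chosen for illustration.

```python
import threading
import time
from collections import defaultdict, deque
from contextlib import contextmanager

class PoolBusy(Exception):
    """No slot became free within the timeout; the caller should shed load."""

class ClientThrottled(Exception):
    """The client exceeded its concurrent share or its request velocity."""

class GuardedPool:
    def __init__(self, size, per_client_max, max_requests, window_s, clock=time.monotonic):
        self._slots = threading.BoundedSemaphore(size)  # the finite resource pool
        self._lock = threading.Lock()
        self._held = defaultdict(int)      # client -> slots currently held
        self._recent = defaultdict(deque)  # client -> timestamps of admitted requests
        self._per_client_max = per_client_max
        self._max_requests = max_requests
        self._window_s = window_s
        self._clock = clock

    def _admit(self, client):
        now = self._clock()
        with self._lock:
            seen = self._recent[client]
            while seen and now - seen[0] >= self._window_s:
                seen.popleft()             # forget requests outside the sliding window
            if len(seen) >= self._max_requests:
                raise ClientThrottled(f"{client}: velocity limit")
            if self._held[client] >= self._per_client_max:
                raise ClientThrottled(f"{client}: concurrency share used up")
            seen.append(now)
            self._held[client] += 1

    @contextmanager
    def acquire(self, client, timeout=0.1):
        self._admit(client)                # cheap checks before touching the pool
        got = False
        try:
            got = self._slots.acquire(timeout=timeout)
            if not got:
                raise PoolBusy("pool exhausted")
            yield
        finally:                           # runs even if the caller's work raises
            with self._lock:
                self._held[client] -= 1
            if got:
                self._slots.release()
```

Keying `client` on an authenticated identity rather than a source address keeps the per-client share meaningful when many users sit behind one address.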
No CAPEC attack patterns related to this CWE.