Response size
Description
A very large response was detected.
Remediation
A response this large may be an early warning sign of a DoS attack: your API should provide pagination or a similar way to limit the size of the response.
REST Specific
Asp_net
Implement pagination or limit the size of responses to avoid large payloads that can affect performance and lead to potential denial of service. Consider using the 'Skip' and 'Take' LINQ methods for efficient data fetching in ASP.NET.
Ruby_on_rails
Implement pagination or limit the number of records retrieved in a single request to avoid large responses that can degrade performance.
Next_js
Implement server-side pagination or streaming to handle large datasets efficiently, and consider compressing responses with gzip or Brotli.
Laravel
Implement pagination or limit the number of items returned in a single request to reduce response size in Laravel.
Express_js
Implement pagination or limit the size of responses to avoid sending excessively large payloads. Use stream processing if dealing with large datasets.
Django
Implement pagination or limit the size of the response by using Django's QuerySet slicing. For example, use MyModel.objects.all()[:100] to limit the response to the first 100 records.
Symfony
In Symfony, to handle very large responses, consider using the StreamedResponse feature. This allows you to stream the response back to the client in smaller chunks, reducing memory usage and improving performance for large datasets.
Spring_boot
Implement pagination or limit the size of the response using Spring Data's Pageable interface to prevent excessively large data transfers.
Flask
Implement pagination or limit the size of responses by using Flask's request.args to retrieve query parameters and slicing query results accordingly.
Nuxt
Implement pagination or limit the number of items returned in a single request to reduce response size in Nuxt.js applications.
Fastapi
Implement pagination or limit the size of responses by using query parameters to restrict the amount of data returned in a single request within the FastAPI application.
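The bounded limit/offset handling that the Flask and FastAPI entries above describe, written out as an added example that is not part of Escape's documentation or of any framework's own code. The `paginate` helper, the `limit`/`offset` parameter names and the `DEFAULT_LIMIT`/`MAX_LIMIT` caps are assumed names; it accepts any sliceable sequence and a string-valued query-parameter mapping such as Flask's `request.args`.

```python
from dataclasses import dataclass
from typing import List, Mapping, Optional, Sequence

DEFAULT_LIMIT = 50   # page size when the client sends no limit (assumed value)
MAX_LIMIT = 100      # hard server-side ceiling; a client can never raise it


@dataclass
class Page:
    items: List
    limit: int
    offset: int
    total: int
    next_offset: Optional[int]  # None when there is no further page


def _parse_int(params: Mapping[str, str], name: str, default: int,
               minimum: int, maximum: Optional[int]) -> int:
    """Read an integer query parameter and clamp it into [minimum, maximum]."""
    raw = params.get(name)
    if raw is None or raw == "":
        return default
    try:
        value = int(raw)
    except ValueError:
        raise ValueError(f"{name} must be an integer")
    # Clamp instead of trusting the client: a request for limit=1000000 is
    # served at MAX_LIMIT, so the response size stays bounded no matter
    # what the caller asks for.
    value = max(minimum, value)
    if maximum is not None:
        value = min(value, maximum)
    return value


def paginate(records: Sequence, params: Mapping[str, str]) -> Page:
    """Return one bounded slice of `records` plus the cursor for the next one."""
    limit = _parse_int(params, "limit", DEFAULT_LIMIT, 1, MAX_LIMIT)
    offset = _parse_int(params, "offset", 0, 0, None)
    total = len(records)
    items = list(records[offset:offset + limit])
    next_offset = offset + limit if offset + limit < total else None
    return Page(items, limit, offset, total, next_offset)


if __name__ == "__main__":
    sample = list(range(250))  # constructed stand-in for a query result
    print(paginate(sample, {"limit": "1000000"}).limit)  # 100, not 1000000
```

In a Flask handler the call is `paginate(rows, request.args)`; the clamping, not the client's parameter, is what keeps the response below the scanner's threshold.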
Configuration
Identifier:
resource_limitation/response_size
Options
- threshold: Minimum size before raising an alert
Examples
Ignore this check
checks:
  resource_limitation/response_size:
    skip: true
Score
- Escape Severity: LOW
Compliance
OWASP: API7:2023
pci: 6.5.10
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.1
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 400
Score
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CVSS_SCORE: 3.7