missing-rate-limiting-anti-pattern
Installation
SKILL.md
Missing Rate Limiting Anti-Pattern
Severity: High
Summary
Applications fail to restrict action frequency, allowing unlimited requests to endpoints. Enables brute-force attacks, data scraping, and denial-of-service through resource-intensive requests.
The Anti-Pattern
The anti-pattern is exposing endpoints (especially authentication/resource-intensive) without controlling request frequency per user or IP.
BAD Code Example
# VULNERABLE: The login endpoint has no rate limiting.
from flask import request, jsonify