Authentication not detected on route without rate limit

Description

No authentication was detected for this exposed endpoint, which does not implement any rate-limiting protection.

A malicious user could abuse this endpoint to cause significant resource consumption and potentially disrupt your application.

Rationale

This finding works by identifying an API where:

  • Datadog detected no authentication mechanism
  • The API is processing traffic from the internet
  • No business logic rate-limiting rule is associated with the endpoint

Remediation

  • Set up rate-limiting using a detection rule on this API
  • Implement authentication to prevent unintended users from interacting with the API
  • Require a challenge to prevent automated traffic and slow down resource exhaustion
  • Keep track of this business flow by adding business logic information to the endpoint
  • To improve authentication detection, you can configure custom authentication detection via the Endpoint Tagging Rules settings.
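
As an application-side complement to the rate-limiting item above, the following added example (not Datadog code or configuration) shows a per-client sliding-window limiter in front of an unauthenticated route. It answers with `429` and a `Retry-After` header once the budget is spent. The class, the handler, the limit of 3 requests per 10 seconds and the sample traffic are all hypothetical and constructed for illustration.

```python
import math
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # client key -> timestamps of accepted requests

    def check(self, key, now):
        """Return (allowed, retry_after_seconds) for a request arriving at `now`."""
        hits = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) < self.limit:
            hits.append(now)
            return True, 0
        # Rejected requests are not recorded, so a blocked client cannot
        # extend its own lockout; it may retry once the oldest hit expires.
        return False, math.ceil(hits[0] + self.window - now)


def handle_request(limiter, client_ip, now):
    """Hypothetical handler for an unauthenticated, internet-facing route."""
    allowed, retry_after = limiter.check(client_ip, now)
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    return 200, {}


def replay(limiter, requests):
    """Run constructed (timestamp, client_ip) pairs through the handler."""
    return [handle_request(limiter, ip, ts)[0] for ts, ip in requests]


# Constructed traffic: one client bursts, another sends a single request.
SAMPLE = [(0.0, "203.0.113.7"), (0.5, "203.0.113.7"), (1.0, "203.0.113.7"),
          (1.2, "203.0.113.7"), (1.5, "198.51.100.4"), (10.0, "203.0.113.7")]

if __name__ == "__main__":
    print(replay(SlidingWindowLimiter(limit=3, window=10), SAMPLE))
```

The limiter keeps its state in process memory and never evicts idle keys, so a deployment with several instances needs a shared store with expiry, and the client key must come from a source the caller cannot spoof.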