Authentication not detected on route without rate limit

Description

No authentication was detected for this exposed endpoint, which does not implement any rate-limiting protection.

A malicious user could abuse this endpoint to consume significant resources and potentially disrupt your application.

Rationale

This finding works by identifying an API that:

  • Has no authentication mechanism detected by Datadog
  • Is processing traffic from the internet
  • Has no business logic rate limiting rule associated with it

Remediation

  • Set up rate-limiting using a detection rule on this API
  • Implement authentication to prevent unintended users from interacting with the API
  • Require a challenge to prevent automated traffic and slow down resource exhaustion
  • Keep track of this business flow by adding business logic information to the endpoint
  • To improve authentication detection, you can configure custom authentication detection via the Endpoint Tagging Rules settings.
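
The first two remediation items can be combined in a guard that runs before the endpoint's handler. This is an added example, not Datadog code or configuration. The limit values, the token set, and all function and class names are assumptions made for illustration.

```python
import hmac
import math
import time
from collections import defaultdict, deque

# Assumed values for illustration; tune them to the endpoint's real traffic.
WINDOW_SECONDS = 60
MAX_REQUESTS = 5
API_TOKENS = {"constructed-sample-token"}  # constructed sample credential


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, key):
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False, math.ceil(self.window - (now - q[0]))
        q.append(now)
        return True, 0


def is_authenticated(headers):
    """Check a bearer token with a constant-time comparison."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in API_TOKENS)


def guard(headers, client_ip, limiter):
    """Return (status, extra_headers) before the endpoint's handler runs."""
    # Rate limit first so failed authentication attempts are throttled too.
    # client_ip must come from a trusted source (for example, your own proxy).
    allowed, retry_after = limiter.allow(client_ip)
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    if not is_authenticated(headers):
        return 401, {"WWW-Authenticate": "Bearer"}
    return 200, {}
```

The limiter state here is per process; a deployment with several workers needs a shared store for the counters.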