Strict Rate Limiting Policy Leads to Massive DoS

The following article is written based on my personal experience penetration testing web applications. Hope you enjoy it!

Photo by Sander Weeteling on Unsplash


As we all know, authentication endpoint has always been the first line of defense of web applications. It functions as the endpoint which verifies the identity of a currently existing user in the database or from a…