Safeguard
Tag

rate-limiting

Safeguard articles tagged "rate-limiting" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Application Security

Designing a secure Node.js API gateway: auth, rate limits, validation, and signing

CVE-2020-15084 let attackers forge JWTs against express-jwt because one algorithm check was missing — a case study in why gateways need four defense layers, not one.

Jul 15, 20266 min read
Application Security

API gateway security: enforcing authN/authZ and rate limits at the edge

A single unauthenticated API endpoint exposed 37 million T-Mobile accounts in 2023. Edge-enforced authZ and identity-aware rate limits are how you prevent the repeat.

Jul 13, 20266 min read
Application Security

Building an authenticated, TLS-secured WebSocket server in Python

WebSockets skip same-origin checks by default — CWE-1385 exists because of it. Here's how to build one in Python with origin checks, TLS, and rate limits.

Jul 11, 20266 min read
Application Security

A practical REST API hardening checklist

OWASP's 2023 API Security Top 10 still ranks broken object-level authorization as the #1 risk — here's a concrete checklist for authn, rate limiting, and input validation.

Jul 8, 20266 min read
Security Guides

GraphQL API Security: Introspection, Depth Limits, and Authorization

GraphQL's flexibility is its attack surface. Nested queries, introspection, and per-field authorization all fail differently than REST. Here's how to secure them.

Jul 5, 20265 min read
Supply Chain Attacks

RubyGems Suspends New Signups After a 500-Package Malicious Flood (May 2026)

On 12-13 May 2026, RubyGems was hit by a coordinated spam-publishing flood that pushed 500+ malicious packages from newly-registered bot accounts. The registry paused new signups and re-enabled them on 16 May after tightening rate limiting with Fastly.

May 14, 20269 min read
Application Security

What is Rate Limiting

Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.

Mar 9, 20266 min read
AI Security

MCP Server Rate-Limiting Patterns

A practical look at rate-limiting patterns for Model Context Protocol servers, covering per-tool quotas, token budgets, burst control, and abuse-resistant designs.

Feb 15, 20267 min read
Application Security

How to set up API rate limiting

A practical, step-by-step guide to setting up API rate limiting — gateway and app-layer configs, algorithm choices, per-endpoint tuning, and how to verify it actually blocks abuse.

Feb 10, 20267 min read
Industry Analysis

Missing Rate Limiting on APIs and Login Endpoints

Missing rate limiting turned single APIs into 37-million-record breaches at T-Mobile and Optus. Here's why it happens, how attackers exploit it, and how to catch it first.

Nov 5, 20257 min read
DevSecOps

Docker Hub Rate Limit Changes and CI Impact

Docker's 2024 rate-limit reforms hit CI pipelines hard. Measured impact on 30 real build farms and the mirror and pull-through controls that fixed it.

Oct 3, 20245 min read
Application Security

API Gateway Security Patterns That Actually Work

API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.

Dec 12, 20236 min read
rate-limiting — Safeguard Blog