rate-limiting
Safeguard articles tagged "rate-limiting" — guides, analysis, and best practices for software supply chain and application security.
13 articles
Designing a secure Node.js API gateway: auth, rate limits, validation, and signing
CVE-2020-15084 let attackers forge JWTs against express-jwt because one algorithm check was missing — a case study in why gateways need four defense layers, not one.
API gateway security: enforcing authN/authZ and rate limits at the edge
A single unauthenticated API endpoint exposed 37 million T-Mobile accounts in 2023. Edge-enforced authZ and identity-aware rate limits are how you prevent the repeat.
Building an authenticated, TLS-secured WebSocket server in Python
WebSockets skip same-origin checks by default — CWE-1385 exists because of it. Here's how to build one in Python with origin checks, TLS, and rate limits.
A practical REST API hardening checklist
OWASP's 2023 API Security Top 10 still ranks broken object-level authorization as the #1 risk — here's a concrete checklist for authn, rate limiting, and input validation.
GraphQL API Security: Introspection, Depth Limits, and Authorization
GraphQL's flexibility is its attack surface. Nested queries, introspection, and per-field authorization all fail differently than REST. Here's how to secure them.
RubyGems Suspends New Signups After a 500-Package Malicious Flood (May 2026)
On 12-13 May 2026, RubyGems was hit by a coordinated spam-publishing flood that pushed 500+ malicious packages from newly-registered bot accounts. The registry paused new signups and re-enabled them on 16 May after tightening rate limiting with Fastly.
What is Rate Limiting
Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.
MCP Server Rate-Limiting Patterns
A practical look at rate-limiting patterns for Model Context Protocol servers, covering per-tool quotas, token budgets, burst control, and abuse-resistant designs.
How to set up API rate limiting
A practical, step-by-step guide to setting up API rate limiting — gateway and app-layer configs, algorithm choices, per-endpoint tuning, and how to verify it actually blocks abuse.
Missing Rate Limiting on APIs and Login Endpoints
Missing rate limiting turned single APIs into 37-million-record breaches at T-Mobile and Optus. Here's why it happens, how attackers exploit it, and how to catch it first.
Docker Hub Rate Limit Changes and CI Impact
Docker's 2024 rate-limit reforms hit CI pipelines hard. Measured impact on 30 real build farms and the mirror and pull-through controls that fixed it.
API Gateway Security Patterns That Actually Work
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.