rate_limiting.md

File metadata and controls

36 lines (24 loc) · 2.08 KB

# Rate limiting

## Overview

Many user activities incur costs of various kinds and need to be throttled. In this scenario, an attacker tries to send spam comments.

## Run the attack

Unlike our other signals, this one isn't enabled by default. You will need to turn it on on this page.

This rule also requires the application to be instrumented as described here. The test application we're using has already been instrumented for this purpose.

Once the signal is enabled, you can run the attack using our CLI tool:

```shell
docker run --rm -t --network appsec-threat-emulation-network asm/threat-cli run -a 9
```

This command runs the CLI inside the Docker container. The CLI sends 200 spam comments to the vulnerable application:

```text
Running attack #9:  Spam campaign
Target URL:  http://juiceshop:3000
✔ Sending spam: 200 spam messages sent
```

## Result

After launching this attack, you will be able to find the traces in the Datadog ASM explorer, and a Rate limiting signal will be generated.

[Image: Login Traces]

You can review the login traces by navigating to ASM traces.

[Image: Security Traces]

### Rate limit Signal

A Rate Limit Exceeded signal will be generated with severity medium. You can review the security signals by navigating to ASM Signals.

[Image: Security Signal]
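To show what the detection behind such a signal looks like, here is an added example (not Datadog's or Juice Shop's code) of a sliding-window rate limiter run over a constructed request log shaped like the spam campaign above; the threshold, the `/comments` path and the sample sources are assumptions.

```javascript
// Added example: sliding-window rate limiting over a constructed request log.
// Not the threat-emulation project's code; threshold, path and traffic are assumed.

// Keeps the recent request timestamps per key (e.g. client IP or user id).
class SlidingWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;        // max requests allowed inside one window
    this.windowMs = windowMs;  // window length in milliseconds
    this.hits = new Map();     // key -> sorted array of timestamps (ms)
  }

  // Record one request at `nowMs` and report whether it stays within the limit.
  check(key, nowMs) {
    const ts = this.hits.get(key) || [];
    while (ts.length && ts[0] <= nowMs - this.windowMs) ts.shift(); // evict old hits
    ts.push(nowMs);
    this.hits.set(key, ts);
    return { allowed: ts.length <= this.limit, count: ts.length };
  }
}

// Walk comment POSTs and emit one "Rate Limit Exceeded" signal per source,
// recorded at the first request that crossed the threshold.
function detectRateLimitExceeded(events, limit, windowMs) {
  const limiter = new SlidingWindowLimiter(limit, windowMs);
  const signals = new Map();
  for (const e of events) {
    if (e.method !== 'POST' || e.path !== '/comments') continue; // assumed comment endpoint
    const { allowed, count } = limiter.check(e.source, e.ts);
    if (!allowed && !signals.has(e.source)) {
      signals.set(e.source, { source: e.source, firstExceededAt: e.ts, count });
    }
  }
  return [...signals.values()];
}

// Constructed traffic: one source posts 200 comments 50 ms apart (like the
// CLI run above); a legitimate user posts 3 comments spread over 4 s.
function sampleEvents() {
  const events = [];
  for (let i = 0; i < 200; i++) {
    events.push({ source: '10.0.0.9', method: 'POST', path: '/comments', ts: 1000 + i * 50 });
  }
  for (let i = 0; i < 3; i++) {
    events.push({ source: '10.0.0.2', method: 'POST', path: '/comments', ts: 1200 + i * 2000 });
  }
  return events.sort((a, b) => a.ts - b.ts);
}

// Assumed policy: at most 20 comments per source per 60 s window.
const signals = detectRateLimitExceeded(sampleEvents(), 20, 60000);
console.log(signals); // → one signal for 10.0.0.9, firstExceededAt 2000, count 21
```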