Tag Archives: serverless

Using Azure API Management to prevent Denial of Wallet attacks

While it would be high near impossible to DDoS a solution running on a serverless platform (scaling would just continue to handle all the requests it needed to), somebody still has to pay for the execution. Most (good) serverless implementations use what is often called “micro-billing” whereby you are billed only for each *actual execution* of your code. But, if we think of this nefariously and I send a few thousand requests/second to your endpoints guess what happens. Yup, one hefty bill. This has become known as a Denial of Wallet attack.