Blast radius is a concept, the scope-of-impact measure a thorough DDoS test is built to bound. It describes how far the effect of an attack (or of the test itself) spreads beyond its intended target: which downstream services, shared dependencies, tenants, or upstream links degrade when one endpoint is flooded. A flood aimed at a single API can take out a shared database, a common authentication service, or a NAT gateway that other workloads depend on.
Why it matters in DDoS testing
Blast radius cuts two ways. It is what an attacker exploits when a shared chokepoint amplifies a narrow flood into a broad outage, and it is the boundary a test must respect so a controlled exercise does not spill into unrelated production systems. Mapping shared dependencies before testing, then scoping the exercise to a bounded segment, keeps the measured failure contained and the conclusions clean.
How to scope an exercise so its blast radius stays contained is covered in running a DDoS test without disrupting production.