Requests per second (RPS) is a metric, one of the core rate units a thorough DDoS test is built to measure. It counts how many HTTP or HTTPS requests an application receives each second, often expressed at DDoS scale as kilo-requests per second (KRPS). RPS is the dimension that defines application-layer (L7) floods: each request is small on the wire but expensive at the origin, where it costs CPU, a worker thread, a TLS handshake, and often a database query, so a modest bandwidth figure can still exhaust the backend.
Why it matters in DDoS testing
L7 attacks are measured in request rate, not bandwidth, because the cost lives in the application, not the link. A server that streams video happily at 10 Gbps may fall over at a few thousand RPS of uncached dynamic requests. A test drives RPS against the expensive endpoints to find where worker pools, connection limits, and the database tier give out.
The application-layer attack classes behind this metric are covered in understanding DDoS attack vectors.