GraphQL security 101

GraphQL is quickly becoming the alternative to REST API, being able to request a specified set of data across multiple resources within a single request. But with great power come great security risks. A single point of failure could allow attackers to create complex queries and exhaust resources (DoS), or bypass authorization to retrieve unauthorized information. This hands-on workhop is a prefect match boost your GraphQL skills, and be able to exploit the wrong implementation of the framework.

Topics include

Get familiar with GraphQL (mutation, queries,schema and types)
Introspection: information disclosure
/graphql as a single point of failure (DoS attacks)
IDOR, Broken Access control and Injection in GraphQL
How to avoid it

The workshop is meant for developers, architects and security folks

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
lab1-info-introspection		lab1-info-introspection
lab2-dos-resource-exhaustion		lab2-dos-resource-exhaustion
lab3-mutation		lab3-mutation
lab4-IDOR		lab4-IDOR
lab5-injections		lab5-injections
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lab1-info-introspection

lab1-info-introspection

lab2-dos-resource-exhaustion

lab2-dos-resource-exhaustion

lab3-mutation

lab3-mutation

lab4-IDOR

lab4-IDOR

lab5-injections

lab5-injections

.gitignore

.gitignore

README.md

README.md

Repository files navigation

GraphQL security 101

Topics include

About

Releases

Packages

Languages

sulaimanzai/graphql-security-labs

Folders and files

Latest commit

History

Repository files navigation

GraphQL security 101

Topics include

About

Resources

Stars

Watchers

Forks

Languages