GraphQL security 101
GraphQL is quickly becoming the alternative to REST API, being able to request a specified set of data across multiple resources within a single request. But with great power come great security risks. A single point of failure could allow attackers to create complex queries and exhaust resources (DoS), or bypass authorization to retrieve unauthorized information. This hands-on workhop is a prefect match boost your GraphQL skills, and be able to exploit the wrong implementation of the framework.
Topics include
- Get familiar with GraphQL (mutation, queries,schema and types)
- Introspection: information disclosure
- /graphql as a single point of failure (DoS attacks)
- IDOR, Broken Access control and Injection in GraphQL
- How to avoid it
The workshop is meant for developers, architects and security folks