Skip to content

gabrielss4ntos/graphql-security-labs

 
 

Repository files navigation

GraphQL security 101

GraphQL is quickly becoming the alternative to REST API, being able to request a specified set of data across multiple resources within a single request. But with great power come great security risks. A single point of failure could allow attackers to create complex queries and exhaust resources (DoS), or bypass authorization to retrieve unauthorized information. This hands-on workhop is a prefect match boost your GraphQL skills, and be able to exploit the wrong implementation of the framework.

Topics include

  • Get familiar with GraphQL (mutation, queries,schema and types)
  • Introspection: information disclosure
  • /graphql as a single point of failure (DoS attacks)
  • IDOR, Broken Access control and Injection in GraphQL
  • How to avoid it

The workshop is meant for developers, architects and security folks

Interested in organizing a private workshop?

Check our full program here: https://1337.dcodx.com/trainings/workshops

Contact us at: info@dcodx.com

About

GraphQL security workshop labs

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • CSS 59.7%
  • HTML 20.1%
  • JavaScript 15.4%
  • Python 4.6%
  • Dockerfile 0.2%