Safeguard
Tag

graphql

Safeguard articles tagged "graphql" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Application Security

API security fundamentals: mapping the OWASP API Top 10 to real tests

OWASP's 2023 API Security Top 10 lists 10 risk categories — most start with a single curl request. Here's how to test and fix each one.

Jul 13, 202611 min read
Application Security

A primer on the OWASP API Security Top 10 and how to test for it

The OWASP API Security Top 10 dropped Injection entirely in its 2023 update and added SSRF — most REST and GraphQL teams still test for the old list.

Jul 10, 20267 min read
DevSecOps

GraphQL Supply Chain Security Considerations

Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.

Sep 30, 20245 min read
Application Security

GraphQL Injection Prevention: Securing Your API Layer

GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.

May 5, 20247 min read
Application Security

API Security Testing Against the OWASP API Top 10: A Hands-On Guide

APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.

Nov 5, 20237 min read
API Security

GraphQL API Security Best Practices

GraphQL gives clients extraordinary power over queries. That flexibility is also its biggest security risk. Here is how to lock it down without killing usability.

Sep 10, 20216 min read
graphql — Safeguard Blog