graphql
Safeguard articles tagged "graphql" — guides, analysis, and best practices for software supply chain and application security.
6 articles
API security fundamentals: mapping the OWASP API Top 10 to real tests
OWASP's 2023 API Security Top 10 lists 10 risk categories — most start with a single curl request. Here's how to test and fix each one.
A primer on the OWASP API Security Top 10 and how to test for it
The OWASP API Security Top 10 dropped Injection entirely in its 2023 update and added SSRF — most REST and GraphQL teams still test for the old list.
GraphQL Supply Chain Security Considerations
Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.
GraphQL Injection Prevention: Securing Your API Layer
GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.
API Security Testing Against the OWASP API Top 10: A Hands-On Guide
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
GraphQL API Security Best Practices
GraphQL gives clients extraordinary power over queries. That flexibility is also its biggest security risk. Here is how to lock it down without killing usability.