graphql-security
Safeguard articles tagged "graphql-security" — guides, analysis, and best practices for software supply chain and application security.
6 articles
GraphQL API Security: Introspection, Depth Limits, and Authorization
GraphQL's flexibility is its attack surface. Nested queries, introspection, and per-field authorization all fail differently than REST. Here's how to secure them.
Improving GraphQL security with static analysis
GraphQL's flexible query model breaks REST-era security assumptions. Here's how static analysis catches introspection leaks, DoS, and BOLA before deploy.
Building a secure GraphQL API with Node.js
A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.
What is GraphQL Security
GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.
GraphQL injection and introspection abuse explained
How GraphQL injection, introspection abuse, and alias-based DoS attacks expose APIs to data leaks—illustrated by the 2021 Peloton breach.
Best API security testing tools
A practical, no-hype comparison of API security testing tools — from OWASP ZAP to Salt Security — covering REST/GraphQL coverage, posture management, and real tradeoffs.