Explore a comprehensive conference talk on building secure GraphQL APIs. Learn about the increasing adoption of GraphQL in production and the potential security risks it introduces. Discover best practices for designing secure GraphQL APIs through case studies and OWASP risk analysis. Gain insights into proactively planning for threats earlier in the API lifecycle. Compare the security challenges of GraphQL APIs to other popular API specifications and standards. Dive into topics such as over-fetching risks, introspection, field suggestions, denial of service attacks, batch query attacks, recursive relationships, SQL injection, and authorization. Understand the importance of custom scalars, persistent queries, and the current state of GraphQL development. Access valuable resources and learn about the GraphQL Foundation's efforts in promoting secure API development.
Don't Panic - A Developer's Guide to Building Secure GraphQL APIs
Overview
Syllabus
Introduction
About Me
GraphQL Story
NDC App
GraphQL Gateway
Why GraphQL Matters
Dont Panic
GitHub
WordPress
Instagram
National Vulnerability Database
Word Cloud
Example
The Collection
Creating a New Request
In introspection
Field Suggestions
Denial of Service
Batch Query Attack
Multiple Attempts
Recursive Relationships
Duplicate Fields
Fragments
Denialist
SQL Injection
Authorization
Denial of service attacks
Batch attack
Persistent queries
GraphQL introspection
Custom Scalars
State of GraphQL
Arrested Development
GraphQL Foundation
Resources
Taught by
NDC Conferences
