Damn GraphQL - Attacking and Defending APIs

NorthSec via YouTube

Overview

Explore GraphQL security in this NorthSec conference talk. Gain insights into attacking and defending GraphQL APIs, a REST alternative. Learn GraphQL basics, attack vectors, and defense strategies. Discover the Damn Vulnerable GraphQL Application (DVGA) for safe testing. Dive into topics like introspection, query batching, circular queries, and field duplication. Understand the challenges of securing new technologies and the importance of balancing adoption with security. Benefit from the speaker's extensive experience in Fintech and cybersecurity as you prepare for GraphQL's increasing presence in corporate networks.

Syllabus

Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL

Taught by

NorthSec
