Your API Has Authorization Bugs. Hadrian Finds Them.

Authorization vulnerabilities are the most common critical finding in our API penetration tests. We find them on nearly every engagement: a user changes an ID in the URL and gets back another ...
The Paradox of Disabling GraphQL Introspection: Lessons from the Parse Server GraphQL API vulnerability

Last week, the security community was alerted to a vulnerability in Parse Server GraphQL API, which allowed public access to the GraphQL schema without requiring a session token or the master key ...
The State of GraphQL Security 2024

Insights from 13,000 GraphQL API issues: Read our deep dive into the current state of GraphQL security ...
How to secure GraphQL?

How to secure GraphQL APIs: challenges and best practices

Dive into the complexities of securing GraphQL APIs and common vulnerabilities and learn best practices for enhancing GraphQL security ...