Hello netlanders,

Since GraphQL is becoming more and more common, I would like to start
this thread so that we can share and discuss GraphQL security-related
resources.

Last year we (API Security Project) contributed to the GraphQL cheat
sheet which was published late November. It is publicly available at
the link below:
https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

Damn Vulnerable GraphQL Application (DVGA) is a GraphQL-specific
intentionally vulnerable application (aka goat) that can be used to
practice API security:
https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

What else, GraphQL-specific, do you have up your sleeve?

Cheers,
Paulo Silva
OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader