GraphQL API Security


Paulo Silva

Feb 16, 2021, 9:59:51 AM
to API Security Project
Hello netlanders,
Since GraphQL is becoming more and more common, I would like to start
this thread so that we can share and discuss GraphQL security-related
resources.

Last year we (API Security Project) contributed to the GraphQL cheat
sheet which was published late November. It is publicly available in
the link below:

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

Damn Vulnerable GraphQL Application (DVGA) is a GraphQL-specific
intentionally vulnerable application (aka goat) that can be used to
practice API security:

https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

What else, GraphQL-specific, do you have up your sleeve?

Cheers,
Paulo Silva

OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader

Nathan Aw

Feb 17, 2021, 12:41:58 PM
to Paulo Silva, API Security Project
Hi Paulo,

How about GraphQL for Rust?


Thank you.

Regards,

Nathan Aw



prjam...@gmail.com

Feb 17, 2021, 12:45:45 PM
to Nathan Aw, Paulo Silva, API Security Project
Does anyone have guidance for securing AWS Amplify? AWS Amplify does not support layer 7 WAF. Just interested in what others are doing to limit risk when using these services.

-Peter


Paulo Silva

Feb 18, 2021, 4:58:53 AM
to Nathan Aw, API Security Project
On Wed, Feb 17, 2021 at 5:41 PM Nathan Aw <nathan...@gmail.com> wrote:
>
> Hi Paulo,
>
> How about GraphQL for Rust?
>

I've started this thread to share/discuss GraphQL-specific security
content and not so much GraphQL implementations.
As a security practitioner, how do you keep up with
GraphQL-specific/common security issues? How do you practice?