

SE Radio 613: Shahar Binyamin on GraphQL Security
May 6, 2024
Shahar Binyamin, CEO and co-founder of Inigo, discusses GraphQL security with a focus on adoption, known security issues, mitigation strategies, and top recommendations. Topics include authentication, authorization, denial-of-service attacks, and approaches for building safe GraphQL applications.
GraphQL's Adoption and Impact
- GraphQL is a flexible API spec that accelerates front-end development by eliminating under-fetching and over-fetching.
- Its adoption is driven by developer enthusiasm but requires organizational support for successful deployment.
GraphQL Creates New Security Challenges
- GraphQL's free-form query model opens new attack surfaces and security challenges.
- Issues include schema abuse, resource exhaustion through expensive queries, data leakage, and integrating existing access controls.
Obscure Endpoints to Reduce Attacks
- Avoid using common GraphQL endpoint paths to reduce automated abuse.
- Understand how attackers detect and fingerprint your GraphQL implementation to better protect it.