Software Engineering Radio - the podcast for professional software developers

SE Radio 613: Shahar Binyamin on GraphQL Security

May 6, 2024
Shahar Binyamin, CEO and co-founder of Inigo, discusses GraphQL security, covering adoption, known security issues, mitigation strategies, and top recommendations. Topics include authentication, authorization, denial-of-service attacks, and approaches for building safe GraphQL applications.
INSIGHT

GraphQL's Adoption and Impact

  • GraphQL is a flexible API specification that speeds up front-end development by letting clients ask for exactly the fields they need, eliminating under-fetching and over-fetching.
  • Its adoption is driven by developer enthusiasm but requires organizational support for successful deployment.
INSIGHT

GraphQL Creates New Security Challenges

  • GraphQL's free-form query model opens new attack surfaces and security challenges.
  • Issues include schema abuse, resource exhaustion (for example, deeply nested or heavily aliased queries), data leakage, and integrating existing access controls with the graph.
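The resource-exhaustion point above is the one with a cheap, concrete mitigation: bound the shape of a query before any resolver runs. The following is an added example for this page (it is not code from the episode or from Inigo). It scans the raw query text with no parser dependency and measures selection-set depth, alias count and field count, then rejects queries over a configured limit. It assumes that a production gate would sit on a real parser (for example graphql-core) and would also expand fragment spreads, which this pre-parse scan deliberately does not do; the sample queries at the bottom are constructed for the demonstration.

```python
"""Structural limits for incoming GraphQL queries (added example, not from the episode)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class QueryShape:
    depth: int     # deepest selection-set nesting
    aliases: int   # fields renamed with `alias: field`
    fields: int    # selected fields, parents and leaves


_NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")
_KEYWORDS = {"query", "mutation", "subscription", "fragment", "on"}


def _skip_ws_name(query: str, i: int):
    """Advance past whitespace and one name; return (name or None, new index)."""
    n = len(query)
    while i < n and query[i].isspace():
        i += 1
    m = _NAME.match(query, i)
    return (m.group(0), m.end()) if m else (None, i)


def measure(query: str) -> QueryShape:
    depth = max_depth = parens = aliases = fields = 0
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == "#":                                  # comment to end of line
            while i < n and query[i] != "\n":
                i += 1
        elif c == '"':                                # "string" or """block string"""
            if query.startswith('"""', i):
                end = query.find('"""', i + 3)
                i = n if end < 0 else end + 3
            else:
                i += 1
                while i < n and query[i] != '"':
                    i += 2 if query[i] == "\\" else 1
                i += 1
        elif c == "(":
            parens += 1
            i += 1
        elif c == ")":
            parens = max(parens - 1, 0)
            i += 1
        elif parens:                                  # inside arguments: braces are input objects, not selections
            i += 1
        elif c == "{":
            depth += 1
            max_depth = max(max_depth, depth)
            i += 1
        elif c == "}":
            depth = max(depth - 1, 0)
            i += 1
        elif query.startswith("...", i):              # fragment spread or inline fragment
            name, i = _skip_ws_name(query, i + 3)
            if name == "on":                          # `... on Type`: skip the type condition
                _, i = _skip_ws_name(query, i)
        elif c == "@":                                # directive name; its arguments are in parens
            _, i = _skip_ws_name(query, i + 1)
        elif (m := _NAME.match(query, i)):
            word, j = m.group(0), m.end()
            k = j
            while k < n and query[k].isspace():
                k += 1
            if k < n and query[k] == ":":             # `alias: field`
                aliases += 1
                i = k + 1
            else:
                if depth and word not in _KEYWORDS:
                    fields += 1
                i = j
        else:
            i += 1
    return QueryShape(max_depth, aliases, fields)


def check(query: str, max_depth: int = 10, max_aliases: int = 20, max_fields: int = 200):
    """Accept or reject a query before any resolver runs. Returns (ok, reason)."""
    s = measure(query)
    if s.depth > max_depth:
        return False, f"depth {s.depth} > {max_depth}"
    if s.aliases > max_aliases:
        return False, f"aliases {s.aliases} > {max_aliases}"
    if s.fields > max_fields:
        return False, f"fields {s.fields} > {max_fields}"
    return True, "ok"


# Constructed sample queries, not taken from the episode.
BENIGN = """
query GetUser($id: ID!) {
  user(id: $id) { id name ...Basic }
}
fragment Basic on User { email }
"""
NESTED = "query { user(id: 1) { friends { friends { friends { friends { name } } } } } }"
ALIASED = "{ " + " ".join(f'a{i}: login(user: "x", pw: "{i}")' for i in range(50)) + " }"

if __name__ == "__main__":
    for label, q in (("benign", BENIGN), ("nested", NESTED), ("aliased", ALIASED)):
        print(label, measure(q), check(q, max_depth=5))
```

The alias case is the one teams most often miss: fifty aliased `login` calls in a single request is one HTTP request as far as a rate limiter is concerned, so a limit on aliases (or a per-field cost model in a real parser-based gate) is what actually caps the work.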
ADVICE

Obscure Endpoints to Reduce Attacks

  • Avoid the common GraphQL endpoint paths to cut down automated probing; this reduces noise but is no substitute for authentication and authorization on the endpoint itself.
  • Understand how attackers detect and fingerprint your GraphQL implementation so you can check what your own deployment reveals.
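To make the second point concrete, here is an added example for this page (not code from the episode or from Inigo) of the discovery step an automated scanner performs: try a list of typical endpoint paths, send a `{__typename}` query (valid against any schema) and look for a GraphQL-shaped answer, then test whether introspection is enabled on each hit. The path list is an assumption of typical defaults, the host and the fake server below are constructed for the demonstration, and engine fingerprinting by error text is left out. The `transport` argument is injected so the example runs offline; `http_post` is the real transport for running it against your own deployment.

```python
"""GraphQL endpoint discovery probe (added example, not from the episode)."""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Assumed list of paths a path-guessing scanner tries first.
COMMON_PATHS = ["/graphql", "/api/graphql", "/v1/graphql", "/graphiql",
                "/query", "/api", "/gql"]
TYPENAME_PROBE = "{__typename}"                  # valid against any schema
INTROSPECTION_PROBE = "{__schema{queryType{name}}}"

Transport = Callable[[str, dict], Tuple[int, str]]


def http_post(url: str, payload: dict) -> Tuple[int, str]:
    """Real transport: POST JSON, return (status, body) even on 4xx/5xx."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def _json_dict(body: str):
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return doc if isinstance(doc, dict) else None


def is_graphql(body: str) -> bool:
    """True if the {__typename} answer has GraphQL response shape:
    data.__typename, or a non-empty errors list of {message: ...} objects."""
    doc = _json_dict(body)
    if doc is None:
        return False
    data = doc.get("data")
    if isinstance(data, dict) and "__typename" in data:
        return True
    errs = doc.get("errors")
    return (isinstance(errs, list) and bool(errs)
            and all(isinstance(e, dict) and "message" in e for e in errs))


def introspection_open(body: str) -> bool:
    doc = _json_dict(body)
    data = doc.get("data") if doc else None
    return isinstance(data, dict) and isinstance(data.get("__schema"), dict)


def probe(base: str, transport: Transport = http_post,
          paths: List[str] = COMMON_PATHS) -> List[Dict]:
    """Try each path; for every GraphQL hit, also test whether introspection is on."""
    findings = []
    for path in paths:
        url = base.rstrip("/") + path
        status, body = transport(url, {"query": TYPENAME_PROBE})
        if not is_graphql(body):
            continue
        _, ibody = transport(url, {"query": INTROSPECTION_PROBE})
        findings.append({"url": url, "status": status,
                         "introspection": introspection_open(ibody)})
    return findings


# Constructed fake server (not a real host): GraphQL mounted on the
# non-default path /api/graphql with introspection left on; every other
# path answers with a 404 HTML page.
def fake_transport(url: str, payload: dict) -> Tuple[int, str]:
    if not url.endswith("/api/graphql"):
        return 404, "<html><body>Not Found</body></html>"
    q = payload.get("query", "").replace(" ", "")
    if q == TYPENAME_PROBE:
        return 200, json.dumps({"data": {"__typename": "Query"}})
    if q.startswith("{__schema"):
        return 200, json.dumps({"data": {"__schema": {"queryType": {"name": "Query"}}}})
    return 400, json.dumps({"errors": [{"message": "Cannot query field"}]})


if __name__ == "__main__":
    for finding in probe("https://app.example.test", transport=fake_transport):
        print(finding)
```

Two caveats when reading the output. The `errors`-list heuristic in `is_graphql` is loose (plenty of non-GraphQL JSON APIs return that shape), so a hit should be confirmed by the introspection probe or a second valid query. And a finding with `introspection: True` on a production host is the thing to fix; moving the path only removes you from this kind of scan, not from an attacker who reads the endpoint out of your front-end bundle.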