12/30/2023
Call graphql api from postman

At this year's API Specifications Conference (ASC), Postman Developer Advocate Meenakshi Dhanani shared the dos and don'ts of designing secure GraphQL APIs. Read on for some of the highlights, and be sure to check out the full video for more details.

Related: Download the Postman GraphQL Client

It's just an API, what could go wrong?

While most of Meena's talk was about not panicking, she did mention that you should panic if you think GraphQL is just an API. It is both an API and a query language, and this gives attackers a broader attack surface in which to look for and exploit vulnerabilities.

Meena used "graphql" as a keyword when searching the National Vulnerability Database (NVD) to get some statistics, and she found a notable increase in GraphQL API vulnerabilities over the past three years. She then shared a few recent examples of companies that have had to report security vulnerabilities related to their GraphQL APIs.

Meena polled the audience to see what they thought were the most common GraphQL attacks, according to the OWASP Top Ten. The responses included things like access control, broken object-level authorization (BOLA), and denial of service (DoS).

Meena used Postman to call the public API for the NVD to find Common Vulnerabilities and Exposures (CVEs) that included "graphql" as a keyword and used the results to look for patterns among the vulnerabilities. Check out the word cloud below that Meena generated using this search, or generate it yourself in the GraphQL Security 101 public workspace.

Word cloud generated by searching CVEs using "graphql" as a keyword

Read on to learn more about the common attack types you need to consider when you design your GraphQL APIs.

Access control

Some of the most common attacks made against GraphQL are related to access control.
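The NVD keyword search behind the word cloud can be reproduced without Postman. The block below is an added example, not code from the original post or from Meena's talk: it targets the real NVD API 2.0 endpoint and its `keywordSearch` parameter (the network call is defined but not run here) and tallies which terms recur across the returned CVE descriptions. The response body `SAMPLE` is constructed data in the shape of an NVD response, not real CVE records, and the stop-word list is this example's own assumption.

```javascript
// Added example (not from the original post or Meena's talk): turn an NVD
// keyword search into term counts, the raw material for a word cloud.
// NVD_CVES_URL and the keywordSearch parameter are the real NVD API 2.0
// interface; SAMPLE below is constructed data shaped like a response body,
// not real CVE records.
const NVD_CVES_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0";

// Words that say nothing about the vulnerability class and would otherwise
// dominate the cloud (the search keyword itself is excluded for that reason).
// This list is an assumption of the example, not an NVD convention.
const STOP_WORDS = new Set([
  "a", "an", "the", "of", "in", "to", "and", "or", "is", "are", "was", "were",
  "for", "by", "on", "with", "that", "this", "via", "from", "as", "be", "it",
  "its", "which", "can", "allows", "allow", "allowed", "let", "lets", "any",
  "other", "another", "through", "into", "at", "not", "when", "prior",
  "before", "version", "versions", "vulnerability", "graphql", "attacker",
  "attackers", "user", "users",
]);

// Pull every English description out of an NVD API 2.0 response body.
function extractDescriptions(body) {
  const out = [];
  for (const item of body.vulnerabilities || []) {
    const cve = item.cve || {};
    for (const d of cve.descriptions || []) {
      if (d.lang === "en") out.push({ id: cve.id, text: d.value });
    }
  }
  return out;
}

// Count how many distinct CVEs mention each term (document frequency, so one
// verbose description cannot dominate the cloud). Returns [[term, count], ...]
// sorted by count descending, then term ascending.
function tallyTerms(body, topN = 10) {
  const counts = new Map();
  for (const { text } of extractDescriptions(body)) {
    const terms = new Set(
      text
        .toLowerCase()
        .replace(/[^a-z0-9\-\s]/g, " ")
        .split(/\s+/)
        .filter((w) => w.length > 2 && !STOP_WORDS.has(w) && !/^[\d-]+$/.test(w))
    );
    for (const t of terms) counts.set(t, (counts.get(t) || 0) + 1);
  }
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
    .slice(0, topN);
}

// Live query (not invoked here; needs network and a Node version with global
// fetch). Unauthenticated callers are limited to 5 requests per rolling 30
// seconds; an API key, sent in the "apiKey" header, raises that limit.
async function fetchNvdCves(keyword, apiKey) {
  const url = `${NVD_CVES_URL}?keywordSearch=${encodeURIComponent(keyword)}`;
  const headers = apiKey ? { apiKey } : {};
  const res = await fetch(url, { headers });
  if (!res.ok) throw new Error(`NVD returned HTTP ${res.status}`);
  return res.json();
}

// Constructed stand-in for a response body. Ids and text are invented for the
// demo; the non-English entry shows that only "en" descriptions are counted.
const SAMPLE = {
  vulnerabilities: [
    { cve: { id: "SAMPLE-1", descriptions: [
      { lang: "en", value: "Missing authorization check on the user query lets any authenticated user read another user's profile." },
      { lang: "es", value: "Falta una comprobación de autorización en la consulta user." },
    ] } },
    { cve: { id: "SAMPLE-2", descriptions: [
      { lang: "en", value: "Unbounded nested queries and enabled introspection let an unauthenticated remote attacker cause a denial of service." },
    ] } },
    { cve: { id: "SAMPLE-3", descriptions: [
      { lang: "en", value: "Authorization bypass in the updateProfile mutation lets a low-privileged user modify profiles belonging to other accounts." },
    ] } },
  ],
};

console.log(tallyTerms(SAMPLE, 5));
```

To run it against the live index, `await fetchNvdCves("graphql")` and pass the body to `tallyTerms`; a real result set is paginated (`resultsPerPage`, `startIndex`), so merge the `vulnerabilities` arrays of each page before tallying. Counting each term once per CVE means the cloud shows how many vulnerabilities mention a theme rather than how wordy their write-ups are.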
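Access-control failures in GraphQL usually sit in the resolvers, where a client-supplied id is turned into an object without asking who is calling. The block below is an added example, not code from the original post or Meena's talk: the same `Query.order` resolver written with a broken object-level authorization (BOLA) bug and then hardened. The resolver signature `(parent, args, context)` is the one used by graphql-js and Apollo; `ORDERS`, the user records and `runQuery` are constructed stand-ins so the demo runs without a GraphQL server.

```javascript
// Added example, not code from the original post or Meena's talk: a
// Query.order resolver with a broken object-level authorization (BOLA) bug
// beside a hardened version. Resolvers use the (parent, args, context)
// signature of graphql-js/Apollo; ORDERS, the users and runQuery are
// constructed stand-ins so the demo runs without a GraphQL server.
const ORDERS = new Map([
  [1, { id: 1, ownerId: 10, total: 42.5 }],
  [2, { id: 2, ownerId: 20, total: 99.0 }],
]);

// Vulnerable: the resolver trusts the client-supplied id and never asks who
// is calling. Any authenticated client can walk ids 1, 2, 3, ... and read
// every order in the system.
const vulnerableResolvers = {
  Query: {
    order: (_parent, { id }, _context) => ORDERS.get(Number(id)) || null,
  },
};

// Hardened: one helper decides whether the calling principal may see a given
// order. Every resolver that hands out an Order (root query, nested
// User.orders, search results) should go through it so no path skips the check.
function authorizeOrder(order, context) {
  const user = context && context.user;
  if (!user) throw new Error("unauthenticated");
  if (!order) return null;
  const roles = user.roles || [];
  if (roles.includes("admin") || order.ownerId === user.id) return order;
  // Answer exactly as for a missing id so a probing client cannot learn
  // which ids exist.
  return null;
}

const hardenedResolvers = {
  Query: {
    order: (_parent, { id }, context) =>
      authorizeOrder(ORDERS.get(Number(id)) || null, context),
  },
};

// Minimal stand-in for the GraphQL executor: resolves one root field.
function runQuery(resolvers, field, args, context) {
  return resolvers.Query[field](null, args, context);
}

// Constructed principals for the demo.
const alice = { id: 10, roles: ["customer"] };
const mallory = { id: 20, roles: ["customer"] };
const auditor = { id: 99, roles: ["admin"] };

// Mallory asks for Alice's order (id 1) through both resolver maps; Alice and
// an admin ask for the same order through the hardened one.
function demo() {
  return {
    vulnerable: runQuery(vulnerableResolvers, "order", { id: "1" }, { user: mallory }),
    hardened: runQuery(hardenedResolvers, "order", { id: "1" }, { user: mallory }),
    owner: runQuery(hardenedResolvers, "order", { id: "1" }, { user: alice }),
    admin: runQuery(hardenedResolvers, "order", { id: "1" }, { user: auditor }),
  };
}

console.log(demo());
```

The check belongs on the object, not on the field name: GraphQL lets a client reach the same `Order` through `Query.order`, through `User.orders` on some other user, or through a search connection, and a check that lives only in the root resolver is bypassed by the nested path.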