
Software Engineering Radio - the podcast for professional software developers
SE Radio 613: Shahar Binyamin on GraphQL Security
Apr 24, 2024
Shahar Binyamin, CEO and co-founder of Inigo, discusses GraphQL security with a focus on adoption, known security issues, mitigation strategies, and top recommendations. Topics include authentication, authorization, denial-of-service attacks, and solutions for building safe GraphQL applications.
Obscure Endpoints to Reduce Attacks
- Avoid using common GraphQL endpoint paths to reduce automated abuse.
- Understand how attackers detect and fingerprint your GraphQL implementation to better protect it.
Multi-level Authorization Controls
- Implement multiple layers of access control, including role-based schema access and backend field-level checks.
- Early denial of unauthorized queries improves efficiency and security of GraphQL APIs.
Field-level Monitoring and Rate Limits
- Monitor field-level performance and usage to detect resource exhaustion and potential denial of service attacks.
- Establish cost-based queries and rate limits based on historical data to protect your GraphQL API.
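To make the cost-based limiting in the last snip concrete, here is an added example (not code from the episode or from Inigo) of a pre-execution admission check that scores a GraphQL query by field count, nesting depth and requested page sizes, and rejects it before any resolver runs. It assumes a simplified cost model (one point per field, nested selections multiplied by a `first`/`last`/`limit` argument), a constructed `DEFAULT_PAGE_SIZE` for unresolved variables, and hypothetical `max_cost`/`max_depth` budgets; real deployments would derive those thresholds from the historical usage data the snip mentions.

```python
import re

# Simplified GraphQL query cost analysis (added example; assumptions below).
# Each field costs 1; a nested selection under a list field is multiplied by
# the page size requested via a pagination argument (first/last/limit). A
# non-numeric page size (e.g. an unresolved $variable) is charged at
# DEFAULT_PAGE_SIZE, a constructed conservative default. Only scalar
# arguments are handled; fragments, strings with spaces and directives are not.
LIST_ARGS = ("first", "last", "limit")
DEFAULT_PAGE_SIZE = 50
TOKEN = re.compile(r"[{}():]|[A-Za-z_]\w*|\d+")

def parse_selection(tokens, pos, depth):
    """Parse the selection set whose '{' is at tokens[pos].
    Returns (cost, max_depth, position after the closing '}')."""
    pos += 1  # consume '{'
    cost, max_depth = 0, depth
    while tokens[pos] != "}":
        name, pos = tokens[pos], pos + 1
        if tokens[pos] == ":":          # alias: the real field name follows
            name, pos = tokens[pos + 1], pos + 2
        multiplier = 1
        if tokens[pos] == "(":
            pos += 1
            while tokens[pos] != ")":   # arguments come as name ':' value
                arg, value, pos = tokens[pos], tokens[pos + 2], pos + 3
                if arg in LIST_ARGS:
                    multiplier = int(value) if value.isdigit() else DEFAULT_PAGE_SIZE
            pos += 1  # consume ')'
        field_cost, field_depth = 1, depth
        if pos < len(tokens) and tokens[pos] == "{":
            sub_cost, field_depth, pos = parse_selection(tokens, pos, depth + 1)
            field_cost += multiplier * sub_cost
        cost += field_cost
        max_depth = max(max_depth, field_depth)
    return cost, max_depth, pos + 1

def analyze(query):
    """Return (cost, depth) for a query document; raises on malformed input."""
    tokens = TOKEN.findall(query)
    try:
        cost, depth, _ = parse_selection(tokens, tokens.index("{"), 1)
    except (IndexError, ValueError) as exc:
        raise ValueError("malformed or unsupported query") from exc
    return cost, depth

def admit(query, max_cost=500, max_depth=6):
    """Cost-based admission check to run before resolvers execute."""
    cost, depth = analyze(query)
    return cost <= max_cost and depth <= max_depth
```

Logging the computed cost and depth per request, alongside the field names seen, gives the field-level usage history the snip suggests using to tune the budgets.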

