Last week, I saw some tools and articles about GraphQL batching attacks. I thought it would be a good idea to cover them in my sample application to see if, how and why they work. GraphQL batching attacks: to my application, I added some simple code that draws a random 5-digit...
Learning GraphQL
Learning GraphQL #4 – REST API as a data source and path traversals in docs
This episode of the Learning GraphQL series is getting spicy! That's because I implemented the REST API as a data source, and it turned out that by following the official documentation, I introduced a path traversal into my application! In case you are new, this is a...
Learning GraphQL #3 – subscriptions
Welcome to another lesson of the Learning GraphQL course! It's a series where I develop an application with GraphQL so that you and I understand it better. I also point out anything that stands out to me from the security standpoint - unclear docs, recommendations or...
Learning GraphQL #2 – mutations
In the last lesson of this course, we covered basic queries, arguments, aliases, fragments and variables. In the meantime, I also started creating my own server that relies on GraphQL. So far, it's pretty much a hello world example, but over this course, I will...
Learning GraphQL #1 – Basics
GraphQL is something that I've been meaning to learn for a long time. Of course, I can understand the syntax or write a simple query, but I lack an understanding of how things work from the developer's perspective. So I'm going to make a series where we create a...