DCODX provides security workshops to help your developers, security teams, and engineers to step up their application security knowledge, exploiting and fixing security issues through full hands-on trainings.

GraphQL Security 101

The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:

• Introspection: information disclosure

• /graphql as a single point of failure (DoS attacks)

• IDOR

• Broken Access control

• Injections

Once we get familiar with the issues, we will explain how to avoid it and/or fix it.

Syllabus

Labs available on Github

Presented at