WGQL - GraphQL Hacking and Defenses

DCODX provides security workshops to help your developers, security teams, and engineers to step up their application security knowledge, exploiting and fixing security issues through full hands-on trainings.

GraphQL Security 101

The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:

  • Introspection: information disclosure

  • /graphql as a single point of failure (DoS attacks)

  • IDOR

  • Broken Access control

  • Injections

Once we get familiar with the issues, we will explain how to avoid it and/or fix it.


Labs available on Github

Presented at

Interested? Contact us at trainings@dcodx.com

Last updated