Input Validation and Sanitization in GraphQL
Enhance GraphQL security with input validation & sanitization. Learn about homemade middleware,directives and custom scalars for protecting APIs| Escape DAST - Application Security Blog
Enhance GraphQL security with input validation & sanitization. Learn about homemade middleware,directives and custom scalars for protecting APIs| Escape DAST - Application Security Blog
Confusion between authentication and authorization causes data leaks. Learn the difference and how to implement the right access control pattern in your GraphQL API.| Escape DAST - Application Security Blog
For several days now, your users have been complaining about losing access to your web service. If at first you thought it was a simple coincidence and certainly a fault of the users, the incident starts to be strongly repeated and noticed. You rush to your monitors and notice an| Escape - The API Security Blog
GraphQL aliasing is a powerful feature. But with great power comes great vulnerability: batch attacks and DoS. In this post, we explain how it works and how to remediate it in your GraphQL API.| Escape - The API Security Blog
The relational aspect of GraphQL can be a vulnerability exploited by running deep and cyclic queries causing your API to crawl under the load and crash. That's a Denial of Service. Learn how it works and how you can protect your API!| Escape - The API Security Blog
Cross-Site Scripting (XSS) happens when attackers send malicious scripts via web apps to end users. Learn how to remediate it in GraphQL apps.| Escape - The API Security Blog
We at Escape have been scanning GraphQL APIs for vulnerabilities for more than two years. In this post, we will share the most common GraphQL vulnerabilities, affecting close to all GraphQL APIs we have scanned. We strongly recommend you check your GraphQL APIs for these vulnerabilities.| Escape - The API Security Blog
GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐| Escape - The API Security Blog
You receive a call in the middle of the night from the SRE team: All production data has been deleted from your company's various relational databases. Many of the company's internal services are therefore down. You absolutely need to fix the problem immediately and identify the problem. Once you log| Escape - The API Security Blog
