awesome-graphql-security

Confusion between authentication and authorization causes data leaks. Learn the difference and how to implement the right access control pattern in your GraphQL API.

Hands-on learning about GraphQL. Each lesson is built around a WebContainer containing a live GraphQL application, so you'll not only understand why a vulnerability is risky, but also how to exploit it and, most importantly, how to fix it.

Take your GraphQL skills to the next level with our free interactive GraphQL tutorials, videos, quizzes and code challenges.

Introduction to Basic Concepts, Security Considerations & Reconnaissance, Vulnerabilities and Attacks, Offensive Tools.

Learn about GraphQL security, performance, testing and building production-ready APIs with the latest tools and best practices of the GraphQL ecosystem.

Learn about GraphQL security, performance, testing and building production-ready APIs with the latest tools and best practices of the GraphQL ecosystem.

Addressing the Security concerns of GraphQL Aliases.

File Inclusion and Directory Traversal in GraphQL.

Understanding and Dealing with Cross-Site Request Forgery Attacks (CSRF) in GraphQL.

The relational aspect of GraphQL can be a vulnerability exploited by running deep and cyclic queries causing your API to crawl under the load and crash.

How HTTPS can prevent Data Leaks.

GraphQL Client helps you debug GraphQL queries and implementations. Also distributed as a Browser Extension.

CLI GraphQL schema viewer, view schema diagram on the terminal or generate graphviz .dot format file

Generate a complete Postman collection from a GraphQL endpoint. Allows instant and easy discovery and exploration of the API.

GraphQL schema viewer for endpoints with introspection

Visualize GraphQL schema.

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations.

Patrial introspection fetcher when introspection is disabled.

GraphQL password brute-force and fuzzing utility.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

a GraphQL endpoint discovery and fingerprinting tool.

A GraphQL automated security toolkit. Grab introspection, search for sensitive queries, and then test authorization.

Continuous GraphQL Security Testing for Developers. Find and fix GraphQL security flaws in the CI/CD.

Highly customizable security middleware for Apollo GraphQL and Envelop servers.

GraphQL authorization layer

Utility to run common security tests against GraphQL APIs that can be run inside CI/CD.

Web Application Firewall for GraphQL APIs.