Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to secure Public GraphQL API

How to secure Public GraphQL API

With great power comes great responsibility.
-- Benjamin Franklin Parker

GraphQL allows you to craft complicated queries with ease.
It does make mobile and web developers' jobs simpler.

Unfortunately, hackers also like to use and abuse it.

This presentation will show you how easy it is to execute Denial of Service and Brute Force attacks in GraphQL.
Don't worry, you'll also learn how to protect your API against them.

Michał Taszycki

July 22, 2021

More Decks by Michał Taszycki

Other Decks in Programming


  1. WHO AM I? ▸ Michał Taszycki (@mehowte) ▸ 16 years

    of programming experience ▸ I can teach you to be better at programming ▸ GraphQL Mastery ▸ Kurs Reacta ▸ 64bites (Commodore 64 assembly) ▸ Organizer of Festiwal React.js i GraphQL conference
  2. YOU WILL ENJOY IT IF… ‣ You know fundamentals of

    GraphQL ‣ You want to create your fi rst public GraphQL server ‣ You don’t believe it’s possible to secure a public GraphQL server
  3. ‣ You know everything about GraphQL ‣ You can handle

    Brute Force i DOS/DDOS attacks ‣ You are not interested in GraphQL? (duh) ‣ You believe that REST API is always better than GraphQL YOU MIGHT NOT ENJOY IT IF…