GraphQL Security Review


GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

(from http://graphql.org/)

Why

Use the community attending the Summit to perform a security review of GraphQL (threat modeling, code review, static analysis, pentest).

What

  • Perform a security review of GraphQL
  • Improve existing security documentation and guidance

Who

  • GraphQL developers
  • Security Researchers
  • Companies using GraphQL

References

  • http://graphql.org/
  • https://mikewilliamson.wordpress.com/2016/09/15/graphql-and-security/
  • http://graphql.org/learn/authorization/
  • https://scaphold.io/community/questions/graphql-security-best-practices/
  • http://stackoverflow.com/questions/32292389/why-is-it-safe-to-write-graphql-queries-client-side
  • http://www.graphql.com/summit/
  • https://docs.scaphold.io/authentication/permissions/
  • https://github.com/facebook/graphql
  • http://graphql.org/community/
  • http://facebook.github.io/graphql/
  • https://twitter.com/search?q=%23GraphQL
  • https://twitter.com/GraphQL
  • https://medium.com/the-graphqlhub/graphql-and-authentication-b73aed34bbeb
