GraphQL Security Review


GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. GraphQL provides a complete and understandable description of the data in an API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

Why

This Working Session aims to use the community attending the Summit to perform a security review of GraphQL (Threat Modeling, Code Review, Static Analysis, Pentest).

What

  • Perform a security review of GraphQL
  • Improve existing Security documentation and guidance

Outcomes

  • Revised security documentation and guidance

Who

The target audience for this Working Session is:

  • GraphQL developers
  • Security researchers
  • Companies using GraphQL

References

  • http://graphql.org/
  • https://mikewilliamson.wordpress.com/2016/09/15/graphql-and-security/
  • http://graphql.org/learn/authorization/
  • https://scaphold.io/community/questions/graphql-security-best-practices/
  • http://stackoverflow.com/questions/32292389/why-is-it-safe-to-write-graphql-queries-client-side
  • http://www.graphql.com/summit/
  • https://docs.scaphold.io/authentication/permissions/
  • https://github.com/facebook/graphql
  • http://graphql.org/community/
  • http://facebook.github.io/graphql/
  • https://twitter.com/search?q=%23GraphQL
  • https://twitter.com/GraphQL
  • https://medium.com/the-graphqlhub/graphql-and-authentication-b73aed34bbeb
  • https://facebook.github.io/react/blog/2015/05/01/graphql-introduction.html

Working materials

  • Draft revisions to security documentation and guidance
  • Please add as much information as possible before the sessions

Content

… Add content …

Related Working Session(s)


