It has never been easier to make a GraphQL server. But ensuring your server is secure is another thing entirely. GraphQL is a flexible technology. This flexibility benefits architects who are designing a new GraphQL API and frontend engineers who are building new experiences. Attackers also love this flexibility. It gives them new avenues for finding data that is incorrectly protected by authorization. It gives them the ability to scrape your entire site from a self-introspecting endpoint. They could even just write massive queries to take down a server entirely.

Below, we will walk through the 5 problems that your GraphQL server…

Jacob Voytko

Runnin’ my own business. Previously staff engineer @ Etsy, before that I worked on Google Docs
