I used to be an academic, and before that I was in the military. I am currently working on the Chrome team at Google, where I work on performance optimizations for web applications. Before that, I wo ...
September 02, 2021
2. The GraphQL Language
The GraphQL language is very powerful and expressive, but also very easy to misuse. This makes the language vulnerable to many attacks: Cross-site scripting (XSS), SQL inject ...
September 02, 2021
This means that there are still some edge cases in the specification that haven't been fully explored. It also means that we're facing an uphill battle when trying to secure GraphQL against attacks. ...
September 02, 2021
2. Unvalidated Input
GraphQL has no built-in way of validating input. It's up to the client library or the server implementation to validate input before sending it over the wire. This means that th ...
September 02, 2021
This means that we need to be careful when using a third-party library for parsing our GraphQL queries. 2 https://t.co/tjID7n5Ytq ...
September 02, 2021
If you're not sure, test it!
2. The double (quintuple) declaration problem
The second most common vulnerability in GraphQL is the double (quintuple) declaration problem. When we query for something ...
September 02, 2021
The first thing I noticed about the new version of the game is that it's much more colorful than before. The original was a bit too dark for my tastes, but this one feels like you're playing in an o ...
September 02, 2021
2. The double (quintuple) declaration problem
The next problem we have to solve is the double (or quintuple) declaration problem https://t.co/kUuB5QnMPx ...
September 02, 2021