I've been working on the Android Framework for about three years now. Before that, I worked in Chrome OS and Linux kernel development for a few years. In my spare time, I like to run long ...
September 03, 2021
I've worked on games for PC, consoles, and mobile devices. I am currently working at Google as an Android Engineer. I work primarily on the YouTube Gaming app (which is now available worldwide). Prev ...
September 02, 2021
I used to be an academic, and before that I was in the military. I am currently working on the Chrome team at Google, where I work on performance optimizations for web applications. Before that, I wo ...
September 02, 2021
2. The GraphQL Language
The GraphQL language is very powerful and expressive, but also very easy to misuse. This makes the language vulnerable to many attacks: Cross-site scripting (XSS), SQL inject ...
September 02, 2021
This means that there are still some edge cases in the specification that haven't been fully explored. It also means that we're facing an uphill battle when trying to secure GraphQL against attacks. ...
September 02, 2021
2. Unvalidated Input
GraphQL has no built-in way of validating input. It's up to the client library or the server implementation to validate input before sending it over the wire. This means that th ...
September 02, 2021
This means that we need to be careful when using a third-party library for parsing our GraphQL queries. 2 https://t.co/tjID7n5Ytq ...
September 02, 2021
If you're not sure, test it!
2. The double (quintuple) declaration problem
The second most common vulnerability in GraphQL is the double (quintuple) declaration problem. When we query for something ...
September 02, 2021