GraphQL - API Security Blog

CVE-2022-30288

Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.Read More ...

23 июня, 2022

Reddit: Regular Expression Denial of Service vulnerability

## Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file [RealtimeGQLSubscriptionAsync.js](https://www.redditstatic.com ...

23 июня, 2022

CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.Read More ...

23 июня, 2022

This Week in Spring – June 7th, 2022

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, ...

23 июня, 2022

Tutorial: How to Build Your First Node.js gRPC API

Compared to other API technologies like REST and GraphQL, gRPC is lightweight and exceptionally robust, thanks in large part to its use of protobufs. Interested in exploring how to build your own API? ...

23 июня, 2022

How we use Dependabot to secure GitHub

At GitHub, we draw on our own experience using GitHub to build GitHub. As an example of this, we use a number of GitHub Advanced Security features internally. This post covers how we rolled out Depend ...

23 июня, 2022

RSAC 2022 The Year of API Security

Not only is RSAC back in person, but [API security]() is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new A ...

23 июня, 2022

Spring Tips: Learn Spring for GraphQL (parts 5 and 6 of an ongoing series)

Hi, Spring fans! In thi^^^ these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead [Rossen Stoyanchev (@rstoya05)]() - whose ...

23 июня, 2022