GraphQL Archives

In API Security

Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically

November 21, 2022 2 Mins Read

In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly. Using this data, it’s possible to check if you or your developers forgot to change default secrets or used a weak 3rd party library with it. However, the project was not stalled and nowadays we are happy to announce a huge update, which includes more than 1800 new JWT secrets grabbed from public sources like…

In API Security

Securing GraphQL API

March 1, 2023 4 Mins Read

Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application…

In API Security

The most cited Wallarm researches in 2019

March 30, 2023 3 Mins Read

Our researchers are constantly working on information security issues and in 2019 we published dozens of articles on this topic. Stay with us and let’s make the IT world safer together!

In API Security

A Match Made in the Clouds

January 31, 2023 4 Mins Read

With recent explosion of Kubernetes adoption and Wallarm’s consistent effort to deliver Kubernetes native security offerings, I feel tremendous confidence in our collective ability to stay ahead of the emerging threats in the cloud native ecosystem.

In API Security

GraphQL Batching Attack

January 13, 2024 4 Mins Read

There is a new attack surface when the app tech stack includes GraphQL. It’s Batched Attacks on GraphQL APIs. How can these apps be protected? Read more to find out.

In API Security

Why and how to disable introspection query for GraphQL APIs

January 13, 2024 2 Mins Read

Intro In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article can not encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step of analyzing how well GraphQL is protected, specifically securing the GraphQL schema by disabling introspection query which is enabled by default. What…