GraphQL is an alternative to the REST concept that allows working with the data in a more structured and object-oriented way. This technology is very famous and used by many enterprise companies such as Facebook, Walmart, Intuit among other. Whether you know it or not, GraphQL has a significant impact on your business. Many products you rely on, such as GitLab, New Relic, and WordPress use GraphQL under the covers. In this series of articles, we will explore GraphQL from the security angle, explain common attacks and vulnerabilities found so far, and give advice on how to protect GraphQL APIs.
Unlike REST, where you need to define your schema externally, for example, using Swagger, GraphQL will guarantee consistency of your schema and API itself. They describe themselves as:
GraphQL is a query language for your API, and a server-side runtime for executing queries by using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.
Our own definition of GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL.Â
First of all, the GraphQL security testing guides start from Introspection queries (https://graphql.org/learn/introspection/), which allows attackers to obtain data schema and then build all the available queries and apply payloads there. So, the first advice is to disable the introspection option. Usually, GraphQL drivers for applications provide this configuration option, like this: https://webonyx.github.io/graphql-php/security/#disabling-introspection. Unfortunately, it’s not the case for many drivers and products used GraphQL and you have to use an external application security solution to disable that.
Secondly, since GraphQL is a middleware API layer, almost all the attacks there are related to the security of your application under the hood.Â
We can classify all the typical issues related to GraphQL implementations into the following types:
In the subsequent articles from this series, we will explain and discuss every single type described above in detail.
It is. Wallarm's partner, Vulners, shows at least 61 records related to GraphQL vulnerabilities in the Vulners aggregated threat intelligence feed: https://vulners.com/search?query=graphql
Most of the issues are current as of this year. Here are some examples of the more interesting issues.Â
As always, the best way to protect anything is to apply secure coding practices, test for security issues before the application is released and limit the number of security issues in your code. At the same time, many parts of the application, like 3rd party libraries, web server, application server, database, and so on, are not actually developed by your team and often are not under their control. To mitigate, you typically need an additional layer of application protection, that can work with GraphQL APIs, such as Wallarm Advanced Cloud-Native WAF.Â
Unfortunately, you can’t use legacy WAFs, IDS/IPS, NGFW and other commodity tools because of the sophisticated data format it uses under the hood of HTTP. GraphQL request usually consists of three parts of data inside the JSON body: operationName, query and variables.
It looks like this:
POST /graphql/ HTTP/1.1
HOST: myapp.local
Content-type: application/json
...
{
"operationName":"inviteUser",
"variables":
{
"input":
{
"email":"jack@wallarm.com",
"firstName":"Jack",
"lastName":"Daniels",
"role":"REGULAR"
}
},
"query": "mutation inviteUser($input: InviteUserInput!)
{
inviteUser(input: $input) {
user {
firstName
lastName
email
}
__typename
}
}"
} As you can see, it’s a JSON data with a custom GraphQL query format in a “query parameter”. Because of the code-style format of such requests, it will cause signature triggers in WAFs/IPS all the time and the security team will simply disable it there. For example, mod_security CRS caused it as describe here: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1006
A lot of other WAFs will easily pass all the JSON API requests without any filtration because they are not able to detect attacks within encoded GraphQL/JSON messages. Others will stop too many requests, cause a windfall of false positives and get turned off altogether.
Wallarm engineering team did a good job this year working around these issues to create a system that avoids false positives and bypasses for GraphQL attacks.
Wallarm implemented native JSON parser and specific rules to block GraphQL attacks. As a result, it’s possible now to block introspection queries and all the OWASP Top-10 attacks in the “variables” GraphQL parameters encoded as JSON.Â
As a result, when the next GitLab, WordPress, or other GraphQL-encoded vulnerability will be discovered, all the Wallarm customers will be protected automatically.Â
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator…
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure…
This is a predictions blog. We know, we know; everyone does them, and they can…
The attack landscape has been dynamic following the disclosure of the React Server Components RCE…
As the year draws to a close, it’s worth pausing to look back on what…
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability…