Tag

Graphql Application Security

Browsing

In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly. Using this data, it’s possible to check if you or your developers forgot to change default secrets or used a weak 3rd party library with it. However, the project was not stalled and nowadays we are happy to announce a huge update, which includes more than 1800 new JWT secrets grabbed from public sources like…

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenges, and security is always one of these. According to the CNCF’s Cloud Native Landscape, today the market offers more than 100 tools to manage containers, but 89% of the software architects, DevOps managers,…

Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API.  However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security.  Legacy web application…

Intro In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article can not encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step of analyzing how well GraphQL is protected, specifically securing the GraphQL schema by disabling introspection query which is enabled by default. What…