Graphql Application Security Archives

In API Security

Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically

October 1, 2020 2 Mins Read

In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly. Using this data, it’s possible to check if you or your developers forgot to change default secrets or used a weak 3rd party library with it. However, the project was not stalled and nowadays we are happy to announce a huge update, which includes more than 1800 new JWT secrets grabbed from public sources like…

In DevOps

How to easily protect any Kubernetes application?

July 23, 2020 8 Mins Read

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenges, and security is always one of these. According to the CNCF’s Cloud Native Landscape, today the market offers more than 100 tools to manage containers, but 89% of the software architects, DevOps managers,…

In API Security

Securing GraphQL API

May 18, 2020 7 Mins Read

Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application…

In API Security

The most cited Wallarm researches in 2019

February 2, 2020 5 Mins Read

Our researchers are constantly working on information security issues and in 2019 we published dozens of articles on this topic. Stay with us and let’s make the IT world safer together!

In API Security

GraphQL Batching Attack

December 13, 2019 6 Mins Read

There is a new attack surface when the app tech stack includes GraphQL. It’s Batched Attacks on GraphQL APIs. How can these apps be protected? Read more to find out.

In API Security

Why and how to disable introspection query for GraphQL APIs

December 3, 2019 4 Mins Read

Intro In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article can not encapsulate all the things one wants to know about such an interesting technology. This installment of the series will look at the first step of analyzing how well GraphQL is protected, specifically securing the GraphQL schema by disabling introspection query which is enabled by default. What…