Tag: GraphQL Vulnerability
It is a misconception that discovering vulnerabilities is only within the domain of developers and hackers. Jacob, an Account Executive at Escape, proves this notion wrong.
What is a vulnerability disclosure?
Vulnerability disclosure is the process of reporting security weaknesses in computer software or hardware. Individuals and groups such as security researchers, IT security teams, and in-house or third-party developers can report these vulnerabilities to the parties responsible for the affected systems. This allows them...
As developers, ensuring the security of our applications is crucial. Insecure Direct Object References (IDOR) are common vulnerabilities that occur when an application exposes a direct reference to an internal object, such as a database key, and acts on the reference a user supplies without checking that the user is authorized to access the object it points to. GraphQL, a powerful data query and manipulation language for APIs, is not exempt from this vulnerability. In this blog post, we will dive in detail into what IDOR vulnerabilities are and why they pose...
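To make the IDOR pattern concrete, here is an added example (not code from the original post or from Escape) in plain Node.js. It models a GraphQL `patient(id)` resolver using the usual `(parent, args, context)` resolver signature, so it runs without the `graphql` package. The patient records, the `canRead` rule and the caller identities are all constructed for the example; the "clinician" role is an assumed authorization rule, not something the post describes.

```javascript
// Added example: an IDOR in a GraphQL resolver beside its hardened form.
// Constructed sample data: two records owned by two different users.
const patients = new Map([
  ["p-1", { id: "p-1", ownerId: "u-1", diagnosis: "record one" }],
  ["p-2", { id: "p-2", ownerId: "u-2", diagnosis: "record two" }],
]);

// Vulnerable resolver: whatever id the caller supplies is looked up and
// returned. Any authenticated user can read every record by enumerating ids,
// because the reference (the database key) is trusted without an ownership check.
const vulnerableResolvers = {
  Query: {
    patient: (_parent, { id }, _context) => patients.get(id) ?? null,
  },
};

// Assumed authorization rule for the example: the owner of a record may read it,
// and so may a caller holding the (hypothetical) "clinician" role.
function canRead(record, user) {
  if (!user || !Array.isArray(user.roles)) return false;
  return record.ownerId === user.id || user.roles.includes("clinician");
}

// Hardened resolver: resolve the object, then check the requester against it.
// A missing record and a forbidden record both return null, so the response
// does not confirm which ids exist to a caller who is not allowed to see them.
const hardenedResolvers = {
  Query: {
    patient: (_parent, { id }, context) => {
      const record = patients.get(id);
      if (!record || !canRead(record, context.user)) return null;
      return record;
    },
  },
};

// Simulates executing `query { patient(id: "...") { diagnosis } }` against a
// resolver map, with the authenticated caller placed in the GraphQL context.
function runQuery(resolvers, id, user) {
  return resolvers.Query.patient(null, { id }, { user });
}

// Constructed callers.
const alice = { id: "u-1", roles: [] };
const mallory = { id: "u-2", roles: [] };

// Mallory asks for Alice's record by guessing its id.
console.log("vulnerable:", runQuery(vulnerableResolvers, "p-1", mallory)); // leaks p-1
console.log("hardened:  ", runQuery(hardenedResolvers, "p-1", mallory));   // null
console.log("owner:     ", runQuery(hardenedResolvers, "p-1", alice));     // p-1
```

The fix is in the resolver, not the schema: GraphQL validates that `id` is the right type, but it has no notion of who may read the object that id refers to, so the check against `context.user` has to happen in every resolver (or a shared data loader) that turns a client-supplied identifier into data.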
TL;DR: GraphQL vulnerabilities will inevitably burden developers, especially when healthcare compliance requirements like HIPAA come into play. This article highlights how Escape makes it easy to release compliant APIs.
The correlation between HIPAA and GraphQL is that PHI resources can be exposed through GraphQL APIs, allowing for a more
...
Whether or not to disable introspection has been a common debate among GraphQL developers since its inception. In this blog post, we will explain why completely disabling introspection is not necessary and why it can be counterproductive.
I can't really find any good reasons for blocking/removing #GraphQL
...
We at Escape have been scanning GraphQL APIs for vulnerabilities for more than two years. In this post, we will share the most common GraphQL vulnerabilities, which affect nearly all of the GraphQL APIs we have scanned. We strongly recommend that you check your GraphQL APIs for these vulnerabilities.
...