ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

NEW FEATURE: GraphQL Security

Open ghost opened this issue 2 years ago • 1 comments

ModSecurity should include a new feature to parse graphQL queries. Nowadays, many big companies are using graphQL. It involves complex configurations that may expose the applications to various security vulnerabilities, such as, DoS Attacks, Injection Attacks, Introspection Queries (which can expose sensitive data), or other malicious queries.

ModSecurity should provide native parsing of GraphQL requests and enforces security checks to protect against these attacks.

ghost avatar Jun 27 '23 08:06 ghost

Hello @shubhagarwal14 ,

Don't GraphQL POST requests just use normal json format?

Please describe more fully what you think would be of high value that is not already supported.

martinhsv avatar Jul 10 '23 15:07 martinhsv