My presentation about GraphQL Security

graphql-security

Slides: https://jgcmarins.github.io/graphql-security/

Topics

  • Overview: Query, Mutation, Subscription
  • What kinds of attacks?
  • Limit query complexity
  • Disable introspection query
  • Limit introspection
  • Whitelist queries (persisted queries)
  • Other solutions (infrastructure)
  • Programmatically: Middleware
  • Mutation Middleware: Roles
  • viewerCanSee() (not added)