Overview
The course aims to teach learners the dos and don'ts of designing secure GraphQL APIs, highlighting case studies and their OWASP risks. By the end of the course, students will have the tools to proactively plan for threats in the API lifecycle. The course covers challenges and security risks specific to GraphQL APIs, compared to other API specifications. The teaching method includes case studies, examples, and discussions on various security vulnerabilities and best practices. This course is intended for developers and teams working with GraphQL APIs who want to enhance the security of their systems.
Syllabus
Introduction
About Me
GraphQL Story
NDC App
GraphQL Gateway
Why GraphQL Matters
Dont Panic
GitHub
WordPress
Instagram
National Vulnerability Database
Word Cloud
Example
The Collection
Creating a New Request
In introspection
Field Suggestions
Denial of Service
Batch Query Attack
Multiple Attempts
Recursive Relationships
Duplicate Fields
Fragments
Denialist
SQL Injection
Authorization
Denial of service attacks
Batch attack
Persistent queries
GraphQL introspection
Custom Scalars
State of GraphQL
Arrested Development
GraphQL Foundation
Resources
Taught by
NDC Conferences