The API Security Academy is entirely free and open-source!
You can support the project by leaving a star, reporting bugs or even creating new lessons. We welcome all contributions!
API Security Academy provides hands-on, interactive lessons that teach various vulnerabilities and best practices in GraphQL security. You can access its full learning potential directly in your browser.
Each lesson is built around a WebContainer containing a live GraphQL application, so you'll not only understand why a vulnerability is risky, but also how to exploit it and, most importantly, how to fix it.
You can support the project by leaving a star, reporting bugs or even creating new lessons. We welcome all contributions!
Understand how to mitigate brute-force attacks targeting GraphQL authentication mutations for enhanced security.
Master the essentials of object-level authorization for secure data access and improved application security.
Explore the importance of turning off debug mode in a production environment to safeguard against unwanted information disclosure.
Delve into the mechanisms of SQL injections—how to exploit them and the strategies for preventing this enduring vulnerability.
Discover techniques to restrict expensive queries using GraphQL Armor, enhancing performance and security.
Master the essentials of setting up field-level authorization in GraphQL resolvers for fine-grained access control.
Understand the role of the Access-Control-Allow-Origin header in safeguarding users from cross-site request forgery (CSRF) attacks.
Explore techniques for validating JSON input objects to mitigate the risk of injection vulnerabilities.
Master techniques for setting up authorization specifically tailored for GraphQL mutations, enhancing both data integrity and security.
Grasp the fundamentals of Server Side Request Forgery (SSRF) and the measures to effectively prevent this vulnerability.
Uncover the importance of rate-limiting as a mechanism to deter automated threats and bots from abusing your API.
Discover how to identify and terminate resource-intensive queries, thereby safeguarding your database from undue stress.
Understand the importance of a well-configured gateway to prevent unauthorized access to your underlying API.
Explore strategies to cap query batching, thereby minimizing the risk of resource depletion and enhancing API stability.
Discover how implementing pagination for list results can lead to optimized database performance and resource usage.
Learn to safeguard against injection risks when interacting with APIs that return user-provided data.