TL;DR: We are making the first Continous GraphQL Security Testing platform available to all developers, you can register for its free trial now 🔥
A year ago, we understood with my co-founder Antoine that GraphQL was an insanely powerful technology but lacked the proper security tooling for wider adoption as a production, enterprise-grade API technology.
Because GraphQL is almost always vulnerable by default:
- Contrarily to simple REST APIs, GraphQL is a language. Attackers have a broad attack surface to craft malformed queries and exploit the GraphQL Engine.
- Due to its graph nature, it's easy for developers to leak sensitive data.
Even companies like GitHub, GitLab, and Shopify, among plenty of others, have had critical vulnerabilities in their GraphQL endpoints.
So we decided to create the perfect platform for helping all developers create secure GraphQL endpoints, easily.
- Be simple to use and integrated into the development process 🧪
- Make sure endpoints have implemented all GraphQL security best practices (We've developed 40+ so far, and counting!) ☑️
- Explore dynamically all paths in the endpoint's graph to find potential data leaks 🕸
For one year, we developed all the best practices to secure GraphQL endpoints, and we implemented them in an automated testing platform. Along, we developed a unique algorithm to detect data leaks inside of deeply nested graphs in minutes.
In the last 6 months, Escape's GraphQL Security Platform was used successfully by developers from dozens of cherry-picked companies to secure their endpoints. It was an awesome adventure. We thank them a lot for their trust and feedback.
Now, we believe every developer should have the opportunity to secure the endpoints they build. So we decided to release our GraphQL Security Platform to everyone.
It means you can try it for free and start securing endpoints in minutes!
Here is the registration link 🥳
If you need any help in setting up your endpoint for testing, or have any feedback, feel free to also join our Discord GraphQL Security Community!
Food for thoughts
Wanna know more about automated GraphQL security testing? Read our blog article "How to test your GraphQL API?".