Introducing Secure GraphQL for Everyone

TL;DR: We are making the first Continuous GraphQL Security Testing platform available to all developers. You can get a personalized demo now 🔥


A year ago, my co-founder Antoine and I realized that GraphQL was an insanely powerful technology but lacked the security tooling needed for wider adoption as a production, enterprise-grade API technology.

This matters because GraphQL is almost always vulnerable by default:

  • Unlike simple REST APIs, GraphQL is a query language. Attackers have a broad attack surface for crafting malformed queries that exploit the GraphQL engine.
  • Due to its graph nature, it's easy for developers to leak sensitive data through unintended paths between types.

Even companies like GitHub, GitLab, and Shopify, among plenty of others, have had critical vulnerabilities in their GraphQL endpoints.

So we decided to create the perfect platform for helping all developers easily build secure GraphQL endpoints.

It would:

  • Be simple to use and integrated into the development process 🧪
  • Make sure endpoints have implemented all GraphQL security best practices (We've developed 40+ so far, and counting!) ☑️
  • Explore dynamically all paths in the endpoint's graph to find potential data leaks 🕸

For one year, we developed best practices to secure GraphQL endpoints and implemented them in an automated testing platform. Alongside this, we developed a unique algorithm to detect data leaks inside deeply nested graphs in minutes.

In the last 6 months, Escape's GraphQL Security Platform was used successfully by developers from dozens of hand-picked companies to secure their endpoints. It was an awesome adventure, and we thank them a lot for their trust and feedback.

Now, we believe every developer should have the opportunity to secure the endpoints they build. So we decided to release our GraphQL Security Platform to everyone.

If you need any help setting up your endpoint for testing, or have any feedback, feel free to join our Discord GraphQL Security Community!

💡 Want to know more about automated GraphQL security testing? Read our blog article "How to test your GraphQL API?"