API Security Academy: a smarter way to learn GraphQL security

API Security Academy: a smarter way to learn GraphQL security

Learning about GraphQL security is now more accessible than ever! We're excited to introduce the API Security Academy, developed by the Escape team.

Escape's API Security Academy is a free and open-source collection of interactive challenges that will teach you how to secure your GraphQL applications. The challenges are designed to be fun and engaging, and they will help you learn the following:

  • How to identify and mitigate security vulnerabilities in GraphQL applications
  • How to apply GraphQL security best practices
  • How to implement security measures in your own GraphQL applications

Escape Academy is an excellent resource for anyone who wants to learn more about GraphQL security. Whether you are a beginner or an experienced developer, you will find something to learn.

The website is currently in beta, and we'll be adding new challenges all the time. GraphQL is at the core of our expertise, but we anticipate introducing additional API types in the future!

We would love your feedback on API Security Academy, so please feel free to leave a comment or issue a bug report.

Why is GraphQL Security important?

Developers are quickly adopting GraphQL to fulfill the flexibility required for maintaining modern, rapidly expanding APIs. It empowers clients to request precisely what they require and simplifies the process of evolving APIs over time.

GraphQL implementations offer functionalities that attackers can exploit. Most common GraphQL vulnerabilities include injections (SQL, XSS, CCS, etc), introspection, brute-force attacks, and DoS (Denial of Service). And therefore, GraphQL APIs should be made available carefully.

Want to learn more about GraphQL Security best practices before starting your lessons? Check out this article.

Why Escape's API Security Academy?

There are a few reasons why Escape's API Security Academy is a great way to learn about GraphQL security:

  • It is interactive. The challenges in API Security Academy are interactive, meaning you will be actively engaged in the learning process. This makes the learning experience more fun and memorable.
  • It is practical. The challenges in Escape's Academy are based on real-world security vulnerabilities. This means you will learn how to apply security best practices to your GraphQL applications.
  • It is free and open-source. API Security Academy is free to use and open-source, thus anyone can contribute to the project. This makes Escape's Academy a valuable resource for the GraphQL community. We welcome all contributions!

We hope that you will visit Escape's API Security Academy and start learning about GraphQL security today!

Earn your API Security Academy certificate

Once you finish all the lessons, you can earn a certification of completion to post on your LinkedIn profile.

API Security Academy certificate 

Don't hesitate to show your network your GraphQL security expertise!

Interested in the technical details?

We will publish a follow-up article detailing how the Academy works under the hood because everything runs in the browser!

Keep an eye on our website.  The technical article will be published tomorrow.

How does it work? There is no backend whatsoever. The API Security Academy leverages WebContainers, a new technology that allows running full-blown node instances directly in the browser.

In the meantime, you can check out the public repository or wait for the next blog post—it's up to you!

Stay secure,

Your Escape team