Escape - The GraphQL Security Blog

Karim Reda

3 posts published

Tenant isolation, access control and account takeover (ATO) in GraphQL

If you have ever worked with GraphQL, you must know that checking that access control is implemented correctly is a nightmare. Access control is restricting access to a specific resource. In GraphQL, you must check that every link (between an object and an object or between a query and an

Karim Reda Oct 13, 2022 • 4 min read
Securing GraphQL Endpoints in the Full Development Lifecycle

I have been working on software development for a year, and I noticed that the essential thing in this process is getting results, not the development process itself. During development, developers usually integrate many different technologies into the project. For example, let's say we are developing a GraphQL application. The

Karim Reda Sep 29, 2022 • 4 min read
Introducing PyMultiAuth - The ultimate Python Authentication Toolkit

Nowadays, whenever you enter a web application, chances are that it uses some API (REST or GraphQL). Why? Simply because APIs are very beneficial and cost-effective, but despite the numerous advantages that APIs bring to the table, there is one disadvantage that to me as a cyber security engineer outweighs

Karim Reda Sep 8, 2022 • 7 min read