Karim Reda - Escape - The GraphQL Security Blog

Tenant isolation, access control and account takeover (ATO) in GraphQL

If you have ever worked with graphQL, you must know that checking that access control is implemented correctly is a nightmare. Access control is restricting access to a specific resource. In graphQL, you must check that every link (between an object and an object or between a query and an

Securing GraphQL Endpoints in the Full Development Lifecycle

I have been working on software development for a year, and I noticed that the essential thing in this process is getting results, not the development process itself. During development, developers usually integrate many different technologies into the project. For example, let's say we are developing a graphQL application. The

Introducing PyMultiAuth - The ultimate Python Authentication Toolkit

Nowadays, whenever you enter a web application, chances are that it uses some API (REST or GraphQL). Why? Simply because APIs are very beneficial and cost-effective, but despite the numerous advantages that APIs bring to the table, there is one disadvantage that to me as a cyber security engineer outweighs