Karim Reda - Escape - Application Security & Offensive Security Blog

Access Control and Data Segregation in multi-tenant GraphQL applications

If you have ever worked with GraphQL, you must know that ensuring proper data segregation and access control is implemented correctly is a nightmare, especially in multi-tenant environments. Access control and data segregation are critical aspects of any multi-tenant application where multiple customers or tenants share the same application instance.

Securing GraphQL Endpoints in the Full Development Lifecycle

I have been working on software development for a year, and I noticed that the essential thing in this process is getting results, not the development process itself. During development, developers usually integrate many different technologies into the project. For example, let's say we are developing a graphQL

Introducing PyMultiAuth - The ultimate Python Authentication Toolkit

Nowadays, whenever you enter a web application, chances are that it uses some API (REST or GraphQL). Why? Simply because APIs are very beneficial and cost-effective, but despite the numerous advantages that APIs bring to the table, there is one disadvantage that to me as a cyber security engineer outweighs