Introducing API Security Posture Management for GraphQL
tl;dr: The Escape Team is excited to announce the release of its latest feature, API Security Posture Management for GraphQL. This feature provides a single API Catalog view for exploring the security, integrity, and performance of all GraphQL operations in one place. See it in action for yourself.
With the rise of GraphQL as a popular API technology, it is essential to have an effective security solution in place, and Posture Management is designed to meet this need.
Escape's API Posture Management works out-of-the-box with all GraphQL engines, including Apollo, Yoga, Hasura, and AWS AppSync, and seamlessly integrates into CI/CD. This means you can explore the security, integrity, and performance of your GraphQL APIs directly in your current workflow, without additional configuration.
1. Inventory Every Operation and Dive into the Details
This feature gives a centralized view of all GraphQL operations, making it easy to identify potential vulnerabilities, sensitive data leaks (including personally identifiable information), or performance issues. Developers can also dive into each resolver's details to better understand its security, integrity, and performance.
2. Uncover Vulnerabilities and Resolve Incidents Before Production
API Security Posture Management for GraphQL is designed to quickly and efficiently uncover vulnerabilities within CI/CD workflows and before production, enabling developers to resolve incidents before it's too late. It runs a range of security checks, including user input validation, rate limiting, and authentication. The feature allows developers to control who can access specific data (tenant isolation and data segregation), ensuring the integrity of their GraphQL API.
3. Optimize Performance with Quantified Metrics
GraphQL is particularly vulnerable to performance issues caused by N+1 attacks, cyclic queries, large queries, etc. Moreover, performance is critical to businesses. Posture Management provides developers with quantified metrics, including response times and error rates, that enable them to analyze the performance of their resolvers and detect performance issues.
Not sure whether your GraphQL APIs are secure? During a demo, our team can show you what your organization needs to secure.
We hope you enjoy the feature and can't wait for your feedback!