Best Practices - Escape - The GraphQL Security Blog

Demystifying GraphQL Security: A Comprehensive Guide to Introspection

Whether or not to disable introspection has been a common debate among GraphQL developers since its inception. In this blog post, we will explain why completely disabling introspection is not necessary and why it can be counterproductive. I can't really find any good reasons for blocking/removing #GraphQL introspection capabilities

Research

The State of Public APIs 2023

tl;dr we scanned 6056+ public APIs on the internet with our in-house feedback driven exploration tech and ranked them using security, performance, reliability, and design criteria. We decided to analyze the resulting data and produce a full featured report: The State of Public APIs 2023 Why build this report?

Best Practices

GraphQL errors: the Good, the Bad and the Ugly

Returning errors in GraphQL is a challenging task, and we tried a lot of different approaches over time. Keep reading to know what we've learned along the way.

Best Practices

GraphQL Error Handling Best Practices for Security

Error messages in GraphQL are rarely seen as a security concern, yet they should. The risk? Leaking information and data! Learn more about GraphQL errors and how to handle them.

AppSec

9 GraphQL Security Best Practices

GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐

DevSecOps

The Ultimate Guide to DevSecOps Best Practices

DevSecOps aims at integrating security inside the development process. It can be hard to know where to start. In this article, learn the best practices to implement DevSecOps in your engineering teams.

Tutorial

Handling relational databases with NestJS, Prisma and GraphQL

This articles presents a basic GraphQL application illustrating our methods and guidelines for producing backend code.