Best Practices - Escape - The API Security Blog

CSRF vs XSS: What is the difference?

Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!

GraphQL

What are Insecure Direct Object References (IDOR) in GraphQL, and how to fix them

As developers, ensuring the security of our applications is crucial. Insecure Direct Object References (IDOR) are common security vulnerabilities that occur when a system's internal implementation is exposed to users, allowing them to manipulate references to access unauthorized data. GraphQL, a powerful data query and manipulation language for APIs, is

GraphQL Vulnerability

Demystifying GraphQL Security: A Comprehensive Guide to Introspection

Whether or not to disable introspection has been a common debate among GraphQL developers since its inception. In this blog post, we will explain why completely disabling introspection is not necessary and why it can be counterproductive. I can't really find any good reasons for blocking/removing #GraphQL introspection capabilities

Research

The State of Public APIs 2023

tl;dr we scanned 6056+ public APIs on the internet with our in-house feedback driven exploration tech and ranked them using security, performance, reliability, and design criteria. We decided to analyze the resulting data and produce a full featured report: The State of Public APIs 2023 Why build this report?

Best Practices

GraphQL errors: the Good, the Bad and the Ugly

Managing GraphQL errors can be quite a challenging task, and we tried a lot of different approaches over time. Keep reading to know what we've learned along the way.

Best Practices

GraphQL Error Handling Best Practices for Security

Error messages in GraphQL are rarely seen as a security concern, yet they should. The risk? Leaking information and data! Learn more about GraphQL errors and how to handle them.

AppSec

9 GraphQL Security Best Practices

GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐

DevSecOps

Top 7 DevSecOps Best Practices

DevSecOps aims at integrating security inside the development process. It can be hard to know where to start. In this article, learn the best practices to implement DevSecOps in your engineering teams.

Tutorial

Guide to handling relational databases with Prisma, NestJS and GraphQL

This articles presents a basic GraphQL application illustrating our methods and guidelines for producing backend code.