Pentesting Pentesting GraphQL 101 Part 1 - Discovery Recent statistics say that you have queried at least one GraphQL endpoint today. For me, as a Penetration tester, it is just a matter of concern, especially since high-quality Pentesting guides/articles are scarce online, which only signals that GraphQL security is still rudimentary. So I decided to start this
Announcement Introducing GraphMan: instantly scaffold a Postman collection for your GraphQL API While querying, developing, and testing your GraphQL APIs with postman is easy and convenient, it has a big caveat: if you want to cover an endpoint with all its queries and mutations entirely, it will take you hours and repetitive steps to create every request, and you'll almost
AppSec 9 GraphQL Security Best Practices GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐
