April 7, 2021 5:00 PM
Securing GraphQL API
Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST.
GraphQL is a meta-layer with a built-in query language for accessing object-oriented data. It's based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL.
These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application firewalls (WAFs), which rely upon features like data in the URL to identify potential threats, are unable to detect and block attacks against GraphQL APIs.
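An added illustration of the inspection gap described above (not code from the talk or from Wallarm): the same constructed value is sent as a REST query parameter, as a GraphQL variable, and as an inline GraphQL argument, then checked by a URL-only inspector and by one that decodes the JSON body. The host name, field names and `MARKER` string are constructed for the example, and the regex for inline string literals is a simplification of what a real GraphQL parser does.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

MARKER = "TEST-PATTERN"  # constructed stand-in for what an inspection rule matches
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')  # simplified; no block strings

def url_values(request):
    """What a URL-only inspector sees: path segments and query-string values."""
    parts = urlsplit(request["url"])
    return [s for s in parts.path.split("/") if s] + [v for _, v in parse_qsl(parts.query)]

def _strings(node):
    """Yield every string leaf of a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _strings(v)

def graphql_values(request):
    """Values carried in a GraphQL body: variables plus inline string literals."""
    try:
        body = json.loads(request.get("body") or "")
    except json.JSONDecodeError:
        return []
    values = []
    for op in (body if isinstance(body, list) else [body]):  # a batch is a JSON array
        if isinstance(op, dict):
            values += list(_strings(op.get("variables")))
            query = op.get("query")
            values += STRING_LITERAL.findall(query) if isinstance(query, str) else []
    return values

def flagged(values):
    return any(MARKER in v for v in values)

# Constructed sample requests: the same value in three positions.
REST = {"url": "https://api.example.test/users?name=TEST-PATTERN", "body": ""}
GQL_VARS = {"url": "https://api.example.test/graphql", "body": json.dumps(
    {"query": "query($n: String!) { user(name: $n) { id } }", "variables": {"n": MARKER}})}
GQL_INLINE = {"url": "https://api.example.test/graphql", "body": json.dumps(
    {"query": '{ user(name: "TEST-PATTERN") { id } }'})}

if __name__ == "__main__":
    for name, req in [("REST", REST), ("GQL_VARS", GQL_VARS), ("GQL_INLINE", GQL_INLINE)]:
        print(name, "url-only:", flagged(url_values(req)), "body-aware:", flagged(graphql_values(req)))
```

Both GraphQL requests share the same URL, so the URL-only check sees nothing to match; only the body-aware check reaches the value.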
CEO at Wallarm
Besides being a co-founder of Wallarm, Ivan Novikov is also:
- provider of AI-powered application security;
- white-hat security professional with over 12 years of experience in security services;
- inventor of memcached injection and SSRF exploit class;
- recipient of bounty awards from Google and Facebook;
- speaker at HITB, Black Hat, and other industry events.