🇷🇴 cristi

@CristiVlad25

6 Tweets Jan 01, 2023
GraphQL flaws you, as a cybersecurity professional, must be aware of:
1. Improper validation & sanitization of input
2. Lack of access controls
3. Lack of authentication
4. Over/Under-fetching
5. Unvalidated third-party libraries
(thread)
1. Inadequate validation and sanitization of user input - GraphQL queries and mutations can be vulnerable to SQL injection attacks if not properly validated and sanitized.
2. Lack of access control - GraphQL APIs do not have built-in mechanisms for controlling access to data, leaving room for improper implementations and misconfiguration of access controls at different levels in the logic.
3. Lack of authentication - GraphQL does not come with authentication by default, leaving APIs vulnerable to man-in-the-middle attacks, data theft and misconfigurations.
4. Over-fetching and under-fetching - GraphQL queries can be easily misused to retrieve excessive amounts of data, leading to performance issues and potential security risks.
5. Unvalidated libraries - GraphQL often relies on third-party libraries to extend its functionality, which may not be properly validated and could contain vulnerabilities.
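As an added illustration of points 1 and 4 above (example code, not from the thread): a resolver that interpolates a GraphQL argument into SQL next to a parameterized version, plus a dependency-free nesting-depth guard that rejects an oversized query before it is executed. All function names, the `user(email:)` field and the sample query are assumed for this example; a real deployment would compute depth from the parsed AST (e.g. with graphql-depth-limit) rather than from raw text.

```javascript
// Flaw #1: the argument becomes part of the SQL text. An input such as
// x' OR '1'='1 changes the WHERE clause (hypothetical resolver).
function buildUserQueryUnsafe(args) {
  return `SELECT id, email FROM users WHERE email = '${args.email}'`;
}

// Hardened form: validate the argument's shape, then pass the value as a
// bound parameter so it can never be parsed as SQL.
function buildUserQuerySafe(args) {
  if (typeof args.email !== 'string' || !/^[^\s@']+@[^\s@']+$/.test(args.email)) {
    throw new Error('invalid email argument');
  }
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [args.email] };
}

// Flaw #4: deepest selection-set nesting in a query string. Braces inside
// string literals and # comments are skipped so they do not inflate the count.
function selectionDepth(query) {
  let depth = 0, max = 0, inString = false, inComment = false;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inComment) { if (c === '\n') inComment = false; continue; }
    if (inString) { if (c === '\\') i++; else if (c === '"') inString = false; continue; }
    if (c === '#') inComment = true;
    else if (c === '"') inString = true;
    else if (c === '{') { depth++; if (depth > max) max = depth; }
    else if (c === '}') depth--;
  }
  return max;
}

// Reject before resolvers run; returns the measured depth when within limit.
function checkDepth(query, limit) {
  const d = selectionDepth(query);
  if (d > limit) throw new Error(`query depth ${d} exceeds limit ${limit}`);
  return d;
}

// Constructed sample: a self-referencing `friends` field nested to depth 5.
const DEEP_QUERY = '{ user(email: "a@b.c") { friends { friends { friends { name } } } } }';

console.log('sample query depth:', selectionDepth(DEEP_QUERY));
```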
#infosec #cybersecurity #pentesting #cybersecuritytips
Like, RT, and follow me @cristivlad25 for more.
