Course

GraphQL security

This course explores mitigating the risks of GraphQL.
44 minutes 4 videos

Course description

GraphQL is an exciting new protocol over HTTP. As with any abstractions, it introduces some risks that need to be mitigated.

Syllabus

Object injections in GraphQL

Video - 00:13:00

In this video, we will go through object injections in GraphQL and how we can protect against them.
String injections in GraphQL

Video - 00:08:00

This video introduces string injections in GraphQL. Is it possible to exploit SQL injections or shell injections?
The schema is public

Video - 00:08:00

There is a common assumption that the GraphQL schema is a private asset. This video shows how an attacker can discover it and leverage this to attack an application.
introduction to GraphQL

Video - 00:15:00

GraphQL is an exciting new protocol over HTTP. As with any abstractions, it introduces some risks that need to be mitigated.

Meet the author

Vladimir is a core Node.js collaborator and is involved in most security-related topics of the Node.js project. He has worked for seven years as an Application Security expert at Sqreen and as a Staff Engineer at Datadog. He is now building a new company.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Cyber Operator
  • System Administrator
  • Data Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training you can trust