layout | title | type | owasp-project | track | technology | related-to | status | when-day | when-time | location | organizers | participants | invited |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
blocks/working-session |
GraphQL Security Review |
workshop |
false |
Research |
Threat Model |
done |
PhotoBox |
Anders Reeves |
GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. GraphQL provides a complete and understandable description of the data in an API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.
This Working Session aims to use the community attending the Summit to perform a security review of GraphQL (threat modeling, code review, static analysis, pentest).
- Perform a security review of GraphQL
- Improve the existing security documentation and guidance
The expected outcome of this Working Session is:
- Revised security documentation and guidance
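The property quoted above, that clients ask for exactly what they need, is also the first thing a threat model of a GraphQL endpoint has to account for: the client controls the shape of the query, so it can nest a self-referential type arbitrarily deep or repeat an expensive field many times under different aliases. As an added example (not part of this page, of graphql.org, or of any GraphQL implementation), the JavaScript below measures query depth, field count and per-selection-set breadth and rejects queries that exceed configured limits. The scanner, the limit values and the three sample queries are constructed for illustration; a real server would enforce the same check as a validation rule over the parsed AST rather than over raw query text.

```javascript
// Added example (not part of the original page or of any GraphQL project):
// a dependency-free query-shape check for a GraphQL server. It measures
// nesting depth (deeply nested queries), total field count, and breadth
// (alias-based repetition of fields inside one selection set).
// Limits, sample queries and the simplified scanner are constructed for
// illustration; a production server would do this on the parsed AST.

// Replace string literals and comments with spaces so that braces, parens
// and names inside them are ignored by the scanner below.
function blankStringsAndComments(src) {
  let out = '';
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '#') {                         // comment runs to end of line
      while (i < src.length && src[i] !== '\n') { out += ' '; i++; }
      continue;
    }
    if (c === '"') {                         // "..." or """block string"""
      const quote = src.startsWith('"""', i) ? '"""' : '"';
      let j = i + quote.length;
      while (j < src.length && !src.startsWith(quote, j)) {
        if (quote === '"' && src[j] === '\\') j++;   // skip escaped character
        j++;
      }
      j = Math.min(src.length, j + quote.length);
      out += ' '.repeat(j - i);
      i = j;
      continue;
    }
    out += c;
    i++;
  }
  return out;
}

// Walk the query once and collect its shape statistics.
function analyzeQuery(query) {
  const src = blankStringsAndComments(query);
  const stats = { maxDepth: 0, fieldCount: 0, maxBreadth: 0 };
  const breadth = [];        // field count of each currently open selection set
  let skipNames = 0;         // names to ignore after "..." or "@"
  let parenLevel = 0;        // > 0 while inside an argument or variable list
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '(') { parenLevel++; i++; continue; }
    if (c === ')') { parenLevel--; i++; continue; }
    if (parenLevel > 0) { i++; continue; }
    if (c === '{') {
      breadth.push(0);
      stats.maxDepth = Math.max(stats.maxDepth, breadth.length);
      i++; continue;
    }
    if (c === '}') { breadth.pop(); i++; continue; }
    if (src.startsWith('...', i)) { skipNames = 1; i += 3; continue; }  // fragment spread
    if (c === '@') { skipNames = 1; i++; continue; }                    // directive
    if (/[A-Za-z_]/.test(c)) {
      let j = i;
      while (j < src.length && /[A-Za-z0-9_]/.test(src[j])) j++;
      const name = src.slice(i, j);
      i = j;
      if (skipNames > 0) { skipNames = name === 'on' ? 1 : skipNames - 1; continue; }
      if (breadth.length === 0) continue;   // operation / fragment header, not a field
      let k = i;
      while (k < src.length && /\s/.test(src[k])) k++;
      if (src[k] === ':') { i = k + 1; continue; }   // alias; the real field follows
      stats.fieldCount++;
      breadth[breadth.length - 1]++;
      stats.maxBreadth = Math.max(stats.maxBreadth, breadth[breadth.length - 1]);
      continue;
    }
    i++;
  }
  return stats;
}

// Illustrative limits; tune them to the schema under review.
const DEFAULT_LIMITS = { maxDepth: 6, maxFields: 200, maxBreadth: 25 };

function checkQueryLimits(query, limits = DEFAULT_LIMITS) {
  const stats = analyzeQuery(query);
  const violations = [];
  if (stats.maxDepth > limits.maxDepth) violations.push(`depth ${stats.maxDepth} > ${limits.maxDepth}`);
  if (stats.fieldCount > limits.maxFields) violations.push(`fields ${stats.fieldCount} > ${limits.maxFields}`);
  if (stats.maxBreadth > limits.maxBreadth) violations.push(`breadth ${stats.maxBreadth} > ${limits.maxBreadth}`);
  return { ok: violations.length === 0, stats, violations };
}

// Constructed sample queries.
const BENIGN_QUERY = `
query Me($id: ID!) {
  user(id: $id) {
    id
    name
    ... on Admin { role }   # inline fragment
  }
}`;

// A self-referential type walked seven levels deep: cheap to send, costly to resolve.
const DEEP_QUERY = '{ user { friends { friends { friends { friends { friends { name } } } } } } }';

// Fifty login attempts in one request, hidden from per-request rate limits by aliases.
const ALIAS_BATCH_QUERY = '{\n' + Array.from({ length: 50 },
  (_, n) => `a${n}: login(username: "admin", password: "guess${n}") { token }`).join('\n') + '\n}';

for (const [label, q] of [['benign', BENIGN_QUERY], ['deep', DEEP_QUERY], ['alias batch', ALIAS_BATCH_QUERY]]) {
  console.log(label, checkQueryLimits(q));
}
```

The benign query passes; the deep query fails on depth and the aliased batch fails on breadth even though every individual field in it is legitimate, which is why a review should ask for shape limits in addition to per-field authorization.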
The target audience for this Working Session is:
- GraphQL developers
- Security researchers
- Companies using GraphQL
- http://graphql.org/
- https://mikewilliamson.wordpress.com/2016/09/15/graphql-and-security/
- http://graphql.org/learn/authorization/
- https://scaphold.io/community/questions/graphql-security-best-practices/
- http://stackoverflow.com/questions/32292389/why-is-it-safe-to-write-graphql-queries-client-side
- http://www.graphql.com/summit/
- https://docs.scaphold.io/authentication/permissions/
- https://github.com/facebook/graphql
- http://graphql.org/community/
- http://facebook.github.io/graphql/
- https://twitter.com/search?q=%23GraphQL
- https://twitter.com/GraphQL
- https://medium.com/the-graphqlhub/graphql-and-authentication-b73aed34bbeb
- https://facebook.github.io/react/blog/2015/05/01/graphql-introduction.html
- Draft revisions to security documentation and guidance
- Please add as much information as possible before the sessions