Learning and Testing for GraphQL Vulnerabilities — Part 2
Introduction
In previous articles, we discussed the significance of GraphQL in contemporary architecture. It is therefore no surprise that attackers target it heavily to obtain information. Consequently, in this article I will discuss a few potential GraphQL hazards. If you have not read my previous blog post on GraphQL, please follow the link below and read it first.
https://gupta-bless.medium.com/learning-and-testing-for-graphql-vulnerabilities-3efa9b5064f9
Data exposure or continual data leaks
If our GraphQL queries are not properly secured or are inadequately configured, any unauthorized user or attacker can access sensitive or confidential data; this is known as data exposure or data leakage. Even a user with only normal access rights who is able to read administrative data represents a data exposure vulnerability. GraphQL APIs let clients specify exactly how much data they wish to extract in a single query; if these APIs are not properly controlled, however, this functionality can lead to…
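The field-level authorization check this section calls for, shown as an added example that is not code from the original post: an unchecked resolver that hands any selected field to any viewer sits beside a hardened one that checks each field against a per-field policy. The user records, field names and FIELD_POLICY are assumptions, and no GraphQL library is used; the functions only model how a server resolves the fields a client selected.

```python
"""Field-level authorization in a GraphQL-style resolver (added example).

resolve_user() models the server side of a query such as:
    { user(id: 1) { name email role salary } }
"""

# Constructed sample data; records and field names are assumptions.
USERS = {
    1: {"name": "alice", "email": "alice@example.com", "role": "admin", "salary": 9000},
    2: {"name": "bob",   "email": "bob@example.com",   "role": "user",  "salary": 5000},
}

# Per-field rule: "public" = any viewer, "owner" = the record's own user
# (or an admin), "admin" = admins only.
FIELD_POLICY = {"name": "public", "email": "owner", "role": "public", "salary": "admin"}


def resolve_user_unchecked(viewer_id, user_id, fields):
    """Vulnerable: every selected field is returned to any authenticated viewer,
    so a normal user can read another user's email or an admin-only field."""
    record = USERS.get(user_id)
    if record is None:
        return None
    return {f: record[f] for f in fields if f in record}


def resolve_user(viewer_id, user_id, fields):
    """Hardened: each selected field is checked against FIELD_POLICY using the
    viewer's identity from the request context, not anything the client sent."""
    record = USERS.get(user_id)
    if record is None:
        return None
    viewer = USERS.get(viewer_id, {})          # unknown/anonymous viewer -> no role
    is_admin = viewer.get("role") == "admin"
    result = {}
    for f in fields:
        if f not in record:
            continue  # unknown field: schema validation would reject the query
        policy = FIELD_POLICY[f]
        allowed = (policy == "public"
                   or is_admin
                   or (policy == "owner" and viewer_id == user_id))
        # Deny per field (null) rather than failing the whole query, matching
        # GraphQL's partial-result model; the authorized fields still resolve.
        result[f] = record[f] if allowed else None
    return result
```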