Session Presentation | Beginner | GraphQL Security

GraphQL Security Vulnerabilities in the Wild

Antoine Carossio, Escape, Co-founder & CTO
Tristan Kalos, Escape, Co-founder & CEO

Join Escape's co-founders Tristan Kalos and Antoine Carossio, leaders in GraphQL security testing, for an incisive look at GraphQL vulnerabilities. This groundbreaking research, involving a scan of over 1500 GraphQL endpoints, revealed a staggering 46,000+ security issues and sensitive data leaks, all accessible without authentication and with 10% classified as critical. In this session, Tristan and Antoine will share their unique testing methodology and delve into the most common GraphQL vulnerabilities unearthed during their research. They'll expose GraphQL-specific vulnerabilities, including complexity issues and schema leaks, alongside persistent standard API security threats like injections and server errors. They'll also highlight the often-underestimated problem of data leaks, including sensitive personal information and tokens. But they won't leave you in the trenches: they'll showcase practical remediation strategies, introducing tools like GraphQL Armor and a handy security checklist for developers. Don't miss this crucial session at GraphQL Conf 2023.