Audit report on GraphQL API vulnerabilities

A very interesting audit report on vulnerabilities found in the wild in GraphQL APIs.

Spoiler: there are a LOT of vulnerabilities that are covered by best practices.

These results clearly show that GraphQL comes with its own set of specific flaws that need to be taken into account when deciding to use it.

For their audit, the researchers used a GraphQL API analysis tool that looks efficient; its REST API analysis part is in beta.