all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Secure your Apollo GraphQL server with Semgrep

Add to bookmarks
Aug. 29, 2023, noon | Trail of Bits

Trail of Bits Blog blog.trailofbits.com

By Vasco Franco tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server. Try them out with semgrep --config p/trailofbits! When auditing several of our clients’ Apollo GraphQL servers, I kept finding the same issues over and over: cross-site request forgery (CSRF) […]

apollo apollo graphql auditing clients cross-site detect graphql misconfigurations request rules ruleset semgrep server servers

Visit resource

More from blog.trailofbits.com / Trail of Bits Blog

Announcing AI/ML safety and security trainings 2 days, 8 hours ago | blog.trailofbits.com
businesses complexities computing machine learning +14
Understanding AddressSanitizer: Better memory safety for your code 3 weeks, 3 days ago | blog.trailofbits.com
application security attacks bug can +20
A peek into build provenance for Homebrew 3 weeks, 5 days ago | blog.trailofbits.com
alpha alpha-omega beta build +13
Using benchmarks to speed up Echidna 1 month ago | blog.trailofbits.com
ben benchmarks bits blockchain +19
The life and times of an Abstract Syntax Tree 1 month, 1 week ago | blog.trailofbits.com
artificially intelligent can clear compiler +14
Curvance: Invariants unleashed 1 month, 1 week ago | blog.trailofbits.com
assessments audits blockchain building +15
Announcing two new LMS libraries 1 month, 2 weeks ago | blog.trailofbits.com
algorithm bits cryptography digital +17
5 reasons to strive for better disclosure processes 1 month, 3 weeks ago | blog.trailofbits.com
blog bugs disclosure examples +6
Introducing Ruzzy, a coverage-guided Ruby fuzzer 2 months, 1 week ago | blog.trailofbits.com
application security bits bugs code +16

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com