Secure your Apollo GraphQL server with Semgrep
Malware Analysis, News and Indicators - Latest topics malware.news
By Vasco Franco
tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server. Try them out with semgrep --config p/trailofbits!
When auditing several of our clients’ Apollo GraphQL servers, I kept finding the same issues over and over: cross-site request forgery (CSRF) that allowed attackers to perform actions on behalf of users, rate-limiting that allowed attackers to brute-force passwords or MFA tokens, and cross-origin resource sharing …