Secure your Apollo GraphQL server with Semgrep | allinfosecnews.com

Aug. 29, 2023, noon | Trail of Bits

Trail of Bits Blog blog.trailofbits.com

By Vasco Franco tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server. Try them out with semgrep --config p/trailofbits! When auditing several of our clients’ Apollo GraphQL servers, I kept finding the same issues over and over: cross-site request forgery (CSRF) […]

apollo apollo graphql auditing clients cross-site detect graphql misconfigurations request rules ruleset semgrep server servers

More from blog.trailofbits.com / Trail of Bits Blog

The life and times of an Abstract Syntax Tree 2 days, 11 hours ago | blog.trailofbits.com

artificially intelligent can clear compiler +14

Curvance: Invariants unleashed 4 days, 10 hours ago | blog.trailofbits.com

assessments audits blockchain building +15

Announcing two new LMS libraries 1 week, 1 day ago | blog.trailofbits.com

algorithm bits cryptography digital +17

5 reasons to strive for better disclosure processes 2 weeks, 5 days ago | blog.trailofbits.com

blog bugs disclosure examples +6

Introducing Ruzzy, a coverage-guided Ruby fuzzer 1 month ago | blog.trailofbits.com

application security bits bugs code +16

Why fuzzing over formal verification? 1 month, 1 week ago | blog.trailofbits.com

audits blockchain development fuzzing +3

Streamline your static analysis triage with SARIF Explorer 1 month, 2 weeks ago | blog.trailofbits.com

analysis audits explorer extension +8

Read code like a pro with our weAudit VSCode extension 1 month, 2 weeks ago | blog.trailofbits.com

audits bugs code codebase +12

Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing 1 month, 2 weeks ago | blog.trailofbits.com

addresses bits blockchain bugs +17

Cybersecurity Consultant

@ Devoteam | Cité Mahrajène, Tunisia

View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Phoenix, AZ, United States

View on infosec-jobs.com

(Senior) Director of Information Governance, Risk, and Compliance

@ SIXT | Munich, Germany

View on infosec-jobs.com

Information System Security Engineer

@ Space Dynamics Laboratory | North Logan, UT

View on infosec-jobs.com

Intelligence Specialist (Threat/DCO) - Level 3

@ Constellation Technologies | Fort Meade, MD

View on infosec-jobs.com

Cybersecurity GRC Specialist (On-site)

@ EnerSys | Reading, PA, US, 19605

View on infosec-jobs.com