owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

NEW FEATURE: GraphQL Security #2919

Open ghost opened 1 year ago

ghost commented 1 year ago

ModSecurity should include a new feature to parse GraphQL queries. Nowadays, many big companies are using GraphQL. It involves complex configurations that may expose the applications to various security vulnerabilities, such as DoS attacks, injection attacks, introspection queries (which can expose sensitive data), or other malicious queries.

ModSecurity should provide native parsing of GraphQL requests and enforce security checks to protect against these attacks.

martinhsv commented 1 year ago

Hello @shubhagarwal14 ,

Don't GraphQL POST requests just use normal JSON format?

Please describe more fully what you think would be of high value that is not already supported.
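The two comments above frame the question: a GraphQL POST body is ordinary JSON, so a JSON body processor already exposes the `query` field, but the GraphQL document inside that string is opaque to a JSON parser. The Python below is an added example, not ModSecurity code and not anything posted in this thread. It shows what the JSON view yields, then layers on the two GraphQL-specific checks the request names: selection-set depth as a DoS limit and introspection fields (`__schema`, `__type`). The request bodies, the depth limit of 10 and the function names are constructed for illustration.

```python
"""Added example (not ModSecurity code): a WAF's JSON view of a GraphQL POST,
plus the GraphQL-aware checks a JSON parser alone does not give.
All request bodies below are constructed samples."""
import json
import re


def extract_operation(body: bytes) -> dict:
    """Step 1: the JSON body processor's view. A GraphQL POST is a JSON
    object with 'query' (a string holding the GraphQL document) and
    optional 'operationName' and 'variables'. The document is opaque here."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("query"), str):
        raise ValueError("not a GraphQL JSON request")
    return {
        "query": doc["query"],
        "operationName": doc.get("operationName"),
        "variables": doc.get("variables") or {},
    }


def strip_strings_and_comments(query: str) -> str:
    """Blank out string literals and '#' comments so that braces or field
    names inside them are not counted (a common false-positive source)."""
    query = re.sub(r'"""[\s\S]*?"""', '""', query)        # block strings
    query = re.sub(r'"(?:\\.|[^"\\\n])*"', '""', query)    # plain strings
    query = re.sub(r'#[^\n]*', '', query)                  # comments
    return query


def selection_depth(query: str) -> int:
    """Maximum selection-set nesting: each '{' opens a level. Unbounded
    nesting over a cyclic schema is the classic GraphQL DoS vector."""
    depth = max_depth = 0
    for ch in strip_strings_and_comments(query):
        if ch == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced braces")
    if depth != 0:
        raise ValueError("unbalanced braces")
    return max_depth


def introspection_fields(query: str) -> list:
    """Schema-metadata fields present in the document. Matched on the
    stripped text, so a string argument like name: "__schema" does not
    trigger; __typename is excluded by the word boundary."""
    cleaned = strip_strings_and_comments(query)
    return sorted(set(re.findall(r"\b(__schema|__type)\b", cleaned)))


def evaluate(body: bytes, max_depth: int = 10) -> dict:
    """Step 2: GraphQL-aware verdict on top of the JSON view.
    max_depth=10 is an illustrative limit, not a recommended value."""
    op = extract_operation(body)
    depth = selection_depth(op["query"])
    intro = introspection_fields(op["query"])
    reasons = []
    if depth > max_depth:
        reasons.append(f"depth {depth} > {max_depth}")
    if intro:
        reasons.append("introspection: " + ",".join(intro))
    return {
        "verdict": "deny" if reasons else "allow",
        "depth": depth,
        "introspection": intro,
        "reasons": reasons,
    }


# Constructed sample request bodies.
BENIGN = json.dumps({"query": "query Me { viewer { login name } }"}).encode()
INTROSPECT = json.dumps(
    {"query": "{ __schema { types { name fields { name } } } }"}).encode()
DEEP = json.dumps(
    {"query": "{ a " + "{ b " * 12 + "{ c }" + " }" * 12 + " }"}).encode()
ARG_STRING = json.dumps({"query": '{ user(name: "__schema") { id } }'}).encode()

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("introspect", INTROSPECT),
                        ("deep", DEEP), ("arg_string", ARG_STRING)):
        print(label, evaluate(body))
```

The split mirrors the thread: the JSON step is what a JSON body processor already provides a rule author (assumption: with ModSecurity's JSON processor the document lands in `ARGS` as a single `json.query` string), while the depth and introspection checks need the contents of that string tokenised, which a regex operator in a rule can only approximate. GET-style GraphQL requests carry the same document in a URL parameter and would feed `selection_depth` and `introspection_fields` directly.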