A somewhat curated list of links to various topics in application security.
| Item | Date Added | Link | Excerpt |
|---|---|---|---|
| 1 | 2025-08-14 04:08:28 UTC | Mastering the Realm of GraphQL Exploitation | The content is titled "Mastering the Realm of GraphQL Exploitation" and appears to focus on the topic of exploiting GraphQL. It suggests a deep dive into understanding and potentially exploiting GraphQL, a query language for APIs. The title implies that the content may cover advanced techniques or strategies for manipulating GraphQL queries to gain unauthorized access or extract sensitive information. |
| 2 | 2025-08-14 04:08:25 UTC | GraphQL - Security Overview and Testing Tips · Doyensec's Blog | The content titled "GraphQL - Security Overview and Testing Tips" on Doyensec's Blog likely discusses security considerations related to GraphQL APIs and provides tips for testing the security of GraphQL implementations. It is expected to cover key aspects of securing GraphQL endpoints and offer guidance on how to effectively test the security measures in place. The article may delve into common security vulnerabilities in GraphQL systems and suggest best practices for ensuring the safety and integrity of data exchanged through GraphQL APIs. |
| 3 | 2025-08-14 04:08:23 UTC | Facebook GraphQL CSRF – These aren't the access_tokens you're looking for | The content appears to be about a security vulnerability related to Facebook's GraphQL technology, specifically concerning Cross-Site Request Forgery (CSRF) attacks. The title suggests that access tokens may be involved in this vulnerability. It seems to warn users or developers that the access tokens they are using may not be secure or may be compromised in some way. The phrase "These aren't the access_tokens you're looking for" implies that there may be deceptive or unauthorized access tokens being used in this context. |
| 4 | 2025-08-14 04:08:21 UTC | andev-software/graphql-ide: ⚡️ GraphQL IDE - An extensive IDE for exploring | The content is a brief description of a GraphQL IDE developed by andev-software. It is described as an extensive tool for exploring GraphQL. The tool is likely designed to assist users in interacting with GraphQL APIs, visualizing schemas, and executing queries. The use of emojis like ⚡️ suggests that the IDE may be fast and efficient. |
| 5 | 2025-08-14 04:08:19 UTC | https://github.com/gsmith257-cyber/GraphCrawler | The link provided leads to a GitHub repository named GraphCrawler created by a user named gsmith257-cyber. The content of the repository likely contains information, code, or files related to graph crawling. The specifics of the content are not provided in the summary request. |
| 6 | 2025-08-14 04:08:17 UTC | https://blog.assetnote.io/2021/08/29/exploiting-graphql/ | The content discusses the exploitation of GraphQL, a query language for APIs. It highlights security vulnerabilities in GraphQL implementations, focusing on unauthorized access to sensitive data, excessive data exposure, and denial of service attacks. The article provides insights into common attack vectors, such as introspection queries and nested queries, and offers recommendations to secure GraphQL APIs, including implementing proper authorization mechanisms, rate limiting, and input validation. It emphasizes the importance of thorough testing and monitoring to prevent potential security risks associated with GraphQL APIs. |
| 7 | 2025-08-14 04:08:13 UTC | Oh snap! We don't support this version of your browser, and neither should | The content emphasizes that the current browser version is not supported and advises against using it. It suggests that users should not rely on this particular browser version for optimal performance. |
| 8 | 2025-08-14 04:08:09 UTC | GraphQL introspection leads to sensitive data disclosure. | GraphQL introspection can potentially lead to the disclosure of sensitive data. Introspection allows clients to query the schema and understand the structure of the API, which can inadvertently expose sensitive information. It is important for developers to carefully manage introspection capabilities to prevent unauthorized access to confidential data. |
| 9 | 2025-08-14 04:08:07 UTC | GraphQL Introspection leads to Sensitive Data Disclosure. | GraphQL Introspection can potentially lead to the disclosure of sensitive data. This feature allows clients to query the schema of a GraphQL API, potentially exposing information that should be kept private. It is essential for developers to be cautious when using GraphQL Introspection to prevent unintentional disclosure of sensitive data. |
| 10 | 2025-08-14 04:08:05 UTC | Graphql Abuse to Steal Anyone’s Address - Noteworthy - The Journal Blog | The content discusses the potential risk of GraphQL abuse leading to the theft of anyone's address. It highlights the vulnerability in GraphQL implementations that could be exploited by malicious actors to access sensitive information. The article likely delves into the importance of securing GraphQL APIs and the potential consequences of overlooking security measures in GraphQL setups. It serves as a warning about the security implications of GraphQL misuse and the need for vigilance in protecting sensitive data. |
| 11 | 2025-08-14 04:08:03 UTC | [TOKOPEDIA] SITE-WIDE CSRF THROUGH GRAPHQL REQUEST | The content mentions a potential security vulnerability on the Tokopedia website related to Cross-Site Request Forgery (CSRF) through GraphQL requests. This vulnerability could allow attackers to perform unauthorized actions on behalf of users. It highlights the importance of addressing and fixing such vulnerabilities to ensure the security of the website and protect user data. |
| 12 | 2025-08-14 04:08:01 UTC | swisskyrepo/GraphQLmap: GraphQLmap is a scripting engine to interact with a | The content is about a tool called GraphQLmap developed by swisskyrepo. It is described as a scripting engine designed for interacting with GraphQL. The tool likely provides functionalities to automate interactions with GraphQL APIs, making it easier for users to work with GraphQL endpoints efficiently. |
| 13 | 2025-08-14 04:07:59 UTC | br3akp0int/GQLParser: A repository for GraphQL Extension for Burp Suite | The content is about a repository called br3akp0int/GQLParser, which offers a GraphQL Extension for Burp Suite. This extension likely provides additional functionality for the Burp Suite tool related to handling GraphQL requests and responses. The repository may contain code, documentation, or resources for integrating GraphQL capabilities into the Burp Suite tool for security testing and analysis purposes. |
| 14 | 2025-08-14 04:07:57 UTC | doyensec/graph-ql: GraphQL Security Research Material | The content is a repository named doyensec/graph-ql that contains GraphQL security research material. The repository likely includes resources, tools, and findings related to security vulnerabilities and best practices in GraphQL implementations. It serves as a valuable source for individuals interested in understanding and improving the security aspects of GraphQL applications. |
| 15 | 2023-10-29 12:14:33 UTC | Oh snap! We don't support this version of your browser and neither should you! | The content warns against using an unsupported browser version, advising users not to do so. The message emphasizes that the mentioned browser version is not supported and suggests that users should avoid using it. |
| 16 | 2023-10-05 11:49:12 UTC | Mastering the Realm of GraphQL Exploitation | The content titled "Mastering the Realm of GraphQL Exploitation" likely delves into advanced techniques for exploiting vulnerabilities in GraphQL implementations. It may cover topics such as security risks, common attack vectors, and strategies for securing GraphQL APIs. The content is likely aimed at individuals looking to deepen their understanding of GraphQL security and improve their ability to identify and mitigate potential exploits in GraphQL applications. |
| 17 | 2021-09-06 12:35:04 UTC | Exploiting GraphQL | Assetnote discovered security vulnerabilities in GraphQL implementations, highlighting the importance of securing applications that use this technology. The vulnerabilities could potentially lead to data exposure or unauthorized access. It emphasizes the need for developers to follow best practices in securing GraphQL APIs to prevent exploitation by malicious actors. By being aware of these vulnerabilities and taking appropriate security measures, developers can protect their applications and users from potential threats. |
| 18 | 2021-01-26 13:59:58 UTC | GraphQL 101 Challenge | The content is a practical introduction to GraphQL aimed at QA engineers. It covers the basics of GraphQL in a hands-on manner, making it accessible for those new to the technology. The challenge likely involves exercises or tasks to help participants understand and apply GraphQL concepts. It emphasizes the relevance of GraphQL for QA engineers, suggesting that the content may focus on how GraphQL can be used in testing scenarios. Overall, the challenge aims to provide a foundational understanding of GraphQL for QA engineers through interactive learning experiences. |
| 19 | 2020-02-25 15:38:44 UTC | doyensec/graph-ql: GraphQL Security Research Material | The content refers to a GitHub repository called doyensec/inql, which is an extension for the Burp Suite tool designed for testing the security of GraphQL APIs. The tool, named InQL, is specifically created for conducting security assessments on GraphQL endpoints. It aims to assist in identifying and addressing potential security vulnerabilities in GraphQL implementations. |
| 20 | 2020-01-19 15:41:03 UTC | Facebook GraphQL CSRF – These aren't the access_tokens you're looking for | A CSRF bug in business.instagram.com allowed unauthorized GraphQL calls. The bug was discovered in the View the Assigned Roles and Emails of an Instagram Account feature. Users without an Instagram Business account encountered an error page during login. This issue highlights a potential security vulnerability in Facebook's GraphQL system. |
| 21 | 2020-01-19 15:40:56 UTC | [TOKOPEDIA] SITE-WIDE CSRF THROUGH GRAPHQL REQUEST | The content mentions a vulnerability in the Tokopedia website related to Cross-Site Request Forgery (CSRF) through GraphQL requests. This vulnerability could potentially allow attackers to perform unauthorized actions on behalf of users on the Tokopedia site. It highlights the importance of addressing and fixing such security flaws to protect user data and prevent malicious activities. |
| 22 | 2020-01-13 01:20:46 UTC | GraphQL IDOR leads to information disclosure - Eshan Singh - Medium | Eshan Singh, also known as R0X4R, discusses a recent discovery of an Insecure Direct Object Reference (IDOR) vulnerability in GraphQL that led to information disclosure. The article likely delves into the impact and implications of this vulnerability in GraphQL systems. |