Latest GraphQL Security posts

October 9, 2023

Apollo’s Response to CVE-2023-38545

October 12, 2023 Update Yesterday, the curl project released details regarding CVE-2023-38545. We want to provide an update on Apollo’s impact from this vulnerability. As mentioned in our original post, Apollo Router, Apollo Client, Apollo Server, Apollo Kotlin, Apollo iOS, and Rover do not rely on curl and are not affected by this vulnerability. The […]

October 5, 2023

Enforcing GraphQL security best practices with GraphOS

GraphQL provides a self-service developer experience by enabling client teams to fetch all of the data they need with a single query. When implementing GraphQL at scale, it’s important to balance its flexibility with security measures that prevent bad actors from exploiting its self-serve nature. A supergraph provides a unified but modular approach to GraphQL […]

July 31, 2023

Secure your GraphQL Microservices

Federation unlocks superpowers for our queries, enabling us to split up business logic and improve performance with features like @defer. However, these same powers can be abused if placed in the wrong hands, so it’s essential to limit who has access to them. The threats Many coordination features of a federated graph rely on an important […]

Read more

July 11, 2022

Apollo earns SOC 2 Type II compliance

by Tad Whitaker
May 26, 2021

9 Ways To Secure your GraphQL API — GraphQL Security Checklist

by Khalil Stemmler
May 7, 2021

Why You Should Disable GraphQL Introspection In Production – GraphQL Security

by Khalil Stemmler
February 21, 2018

Securing Your GraphQL API from Malicious Queries

by Max Stoiber

Recent posts

November 8, 2023

Apollo Client Office Hours with Alessia Bellisario

by Dylan Anthony
November 6, 2023

Deploying the Apollo Router at Apollo

by Gary Pennington
October 31, 2023

New GraphQL observability and insights in GraphOS Studio

by Parul Schroff

Company

Community

Help