tl;dr we released github.com/Escape-Technologies/graphql-armor, a developer-friendly, free and open-source middleware that adds a security layer to any JS-based GraphQL server.
"GraphQL is less secure than most REST APIs"
This is something we have heard a lot since GraphQL's inception in 2015.
Our security research team confirmed this while spending a year evaluating security in the GraphQL ecosystem. (I even gave a talk about the results at GraphQL SF 2022.)
We decided the GraphQL ecosystem deserved to be more secure and created GraphQL Armor, a developer-friendly middleware that quickly adds a security layer to any JS-based GraphQL server.
Out-of-the-box, you get protection against:
- Brute-forcing
- Query complexity attacks (depth, width, cyclomatic complexity)
- Information disclosure (schema leaks)
But more is to come: we are adding protection against new attacks every week 😎
Link to the repo: https://github.com/Escape-Technologies/graphql-armor
If you use GraphQL, feel free to help us by starring and contributing 🤩
Top comments (1)
Also, we are very reactive as maintainers, so do not hesitate to open issues!