7 Most Critical Security Tests for GraphQL APIs

The popularity of GraphQL is skyrocketing. We have been working on GraphQL security for more than two years and have developed 40+ tests in this category. We will showcase the 7 most critical tests. These are written in YAML format.

Purpose: To educate developers and security teams on how to conduct security testing on GraphQL APIs.
This will be complemented with a real case study and the Damn Vulnerable GraphQL Application (DVGA).

1. Overview of GraphQL security with examples
2. Introspection Mode Test
3. Overfetching Test
4. High Depth Exploiting Recursive Types Test
5. Excessive Errors Test
6. Find Objects and Add Keys Test
7. CSRF Content-Type Test
8. CSRF Through GET Requests Test
9. Automating these tests in CI/CD

Ankita Gupta

Cofounder and CEO of Akto.io

San Francisco, California, United States
