DEV Community

Tristan Kalos

GraphQL Armor: A middleware to make your GraphQL endpoints secure

tl;dr: we released github.com/Escape-Technologies/graphql-armor, a developer-friendly, free and open-source middleware that adds a security layer to any JS-based GraphQL server.

"GraphQL is less secure than most REST APIs"

This is something we have heard a lot since GraphQL's inception in 2015.

Our security research team confirmed this while spending a year evaluating security in the GraphQL ecosystem. (I even gave a talk about the results at GraphQL SF 2022.)

We decided the GraphQL ecosystem deserved to be more secure and created GraphQL Armor, a developer-friendly middleware that quickly adds a security layer to any JS-based GraphQL server.

Out of the box, you get protection against:

  • Bruteforcing
  • Query complexity attacks (depth, width, cyclomatic complexity)
  • Information Disclosure (Schema leaks)

But more is to come: we are adding protection against new attacks every week 😎

Link to the repo: https://github.com/Escape-Technologies/graphql-armor

If you use GraphQL, feel free to help us by starring and contributing 🤩

Top comments (1)

Tristan Kalos

Also, we are very reactive as maintainers, so do not hesitate to open issues!
