Tristan Kalos

GraphQL Armor: A middleware to make your GraphQL endpoints secure

tl;dr: we released GraphQL Armor, a developer-friendly, free and open-source middleware that adds a security layer to any JS-based GraphQL server.

"GraphQL is less secure than most REST APIs"

This is something we have heard a lot since GraphQL's inception in 2015.

Our security research team confirmed this while spending a year evaluating security in the GraphQL ecosystem. (I even gave a talk about the results at GraphQL SF 2022.)

We decided the GraphQL ecosystem deserved to be more secure and created GraphQL Armor, a developer-friendly middleware that quickly adds a security layer to any JS-based GraphQL server.

Out-of-the-box, you get protection against:

  • Bruteforcing
  • Query complexity attacks (Depth, Width, cyclomatic complexity)
  • Information Disclosure (Schema leaks)

But more is to come: we are adding protection against new attacks every week 😎

Link to the repo:

If you use GraphQL, feel free to help us by starring and contributing 🤩

Top comments (1)

Tristan Kalos

Also, we are very reactive as maintainers, so do not hesitate to open issues!