DEV Community

Tristan Kalos
Tristan Kalos

Posted on

GraphQL Armor: A middleware to make your GraphQL endpoints secure

tl;dr we released github.com/Escape-Technologies/graphql-armor, a developer friendly, free and open source middleware that adds a security layer to any js-based GraphQL server.

"GraphQL is less secure than most REST APIs"

This is something we have heard a lot since GraphQL's inception in 2015.

Our security research team confirmed this when spending a year on evaluating security in the GraphQL ecosystem. (I even gave a talk about the results at GraphQL SF 2022)

We decided the GraphQL ecosystem deserved to be more secure and created GraphQL Armor, a developer friendly middleware that quickly adds a security layer to any js-based GraphQL server.

Out-of-the-box, you get protection against:

  • Bruteforcing
  • Query complexity attacks (Depth, Width, cyclomatic complexity)
  • Information Disclosure (Schema leaks)

But more is to come, we are adding protection against new attacks every week 😎

Link to the repo: https://github.com/Escape-Technologies/graphql-armor

If you use GraphQL, feel free to help us by staring and contributing 🤩

Discussion (1)

Collapse
tristankalos profile image
Tristan Kalos Author

Also we are very reactive as maintainers so do not hesitate to open issues!