GraphQL API Abuse
Severity: high
ID: graphql-abuse
An attacker exploits GraphQL-specific weaknesses, including query depth attacks, introspection abuse, batching attacks, or field-level authorization bypass.
Threat categories: Information Disclosure, Denial of Service, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1499 | Endpoint Denial of Service | Impact |
Common Weakness Enumeration
Mitigating controls
| ID | Control |
|---|---|
| ctrl-graphql-1 | Implement query depth and complexity limits |
| ctrl-graphql-2 | Disable introspection in production environments |
| ctrl-graphql-3 | Implement field-level authorization checks |
| ctrl-graphql-4 | Use query cost analysis and rate limiting |
| ctrl-graphql-5 | Validate and sanitize all query inputs |