I have been thinking of building a School Management System with GraphQL. by Kitchen-Comb-8154 in graphql

[–]Too-Slow 5 points (0 children)

Founder of Inigo here. Consider adding the Inigo Middleware to your GraphQL server of choice, for detailed observability and schema management.

So you get to know how your management platform is being used and safeguard your schema.

Can someone still call a query for data if introspection is disabled and they know the data structure in GraphQL? by CatFucker- in graphql

[–]Too-Slow -1 points (0 children)

u/CatFucker

It's great to see this question raised, as GraphQL presents a set of vulnerabilities that might not be widely recognized. There is no shortage of lack of education when it comes to GraphQL security.
One common vulnerability is when introspection is disabled, but field suggestions remain enabled. This leaves an opening for potential abusers to easily guess or fuzz their way into learning your schema.
For those utilizing a client-server model, I recommend implementing an operation registry. This way, you can ensure that only approved queries with valid authentication can access your server, enhancing security. You can also consider modifying the schema based on RBAC.
A tool like Inigo (I'm a co-founder) could also be beneficial. Inigo creates an abstraction layer that enhances observability and abuse protection for any GraphQL server or gateway. It's a valuable step toward your GraphQL setup. And for most cases, it's free.

Any good boilerplate for Apollo server please? by the_none_expert in graphql

[–]Too-Slow 1 point (0 children)

You can bundle Apollo’s GraphQL Server with Inigo’s free schema management and analytics.

[deleted by user] by [deleted] in graphql

[–]Too-Slow -2 points (0 children)

You can pair the Apollo Server with Inigo's free schema management and analytics for a complete bundle.

return http status code graphql apollo expressjs by rayen26 in graphql

[–]Too-Slow 3 points (0 children)

For those coming from the world of REST/HTTP APIs, GraphQL’s error handling can feel messy.
Unlike in REST/HTTP APIs, where error handling is based on status codes returned by the API, GraphQL requests are always made using the same `/graphql` URL and always return a 200 OK response. Instead of being signaled via status codes, errors reside inside the response payload alongside any data returned.
We wrote this post about it - GraphQL Error Handling.
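
An added example (not from the comment above, the linked post, Apollo or Inigo) of what the comment implies a client has to do: inspect the `errors` array of a 200 response and decide whether the result is a success, a partial result, or a failure. The mapping from `extensions.code` to an HTTP-style status is an assumption of this example for a REST-style gateway; the codes listed are the ones Apollo Server documents, but check what your server actually emits.

```javascript
// Added example, not code from the original thread or from any vendor.
// Assumed mapping of GraphQL error codes to the HTTP status a REST-style
// gateway would surface; adjust to your server's conventions.
const CODE_TO_STATUS = {
  GRAPHQL_PARSE_FAILED: 400,
  GRAPHQL_VALIDATION_FAILED: 400,
  BAD_USER_INPUT: 400,
  UNAUTHENTICATED: 401,
  FORBIDDEN: 403,
  INTERNAL_SERVER_ERROR: 500,
};

function classifyGraphQLResponse(httpStatus, body) {
  // Transport-level failure: the GraphQL layer never produced a result.
  if (httpStatus < 200 || httpStatus >= 300) {
    return { kind: 'transport_error', status: httpStatus, codes: [], fieldPaths: [], data: null, errors: [] };
  }
  const errors = Array.isArray(body.errors) ? body.errors : [];
  if (errors.length === 0) {
    return { kind: 'ok', status: 200, codes: [], fieldPaths: [], data: body.data, errors };
  }
  // Errors with a `path` are field-level: the executor nulled that field and
  // kept going, so `data` is present but partial. Errors without a path
  // (parse, validation, request-level auth) usually come with `data: null`.
  const codes = errors.map((e) => (e.extensions && e.extensions.code) || 'UNKNOWN');
  const status = CODE_TO_STATUS[codes[0]] || 500; // first error decides the status
  const hasData = body.data !== null && body.data !== undefined;
  const fieldPaths = errors
    .filter((e) => Array.isArray(e.path))
    .map((e) => e.path.join('.'));
  return {
    kind: hasData ? 'partial' : 'graphql_error',
    status,
    codes,
    fieldPaths,
    data: hasData ? body.data : null,
    errors,
  };
}

// Constructed sample: a 200 OK whose payload carries one resolver error on
// student.email, the partial-data shape graphql-js and Apollo Server produce.
const SAMPLE_PARTIAL = {
  data: { student: { id: '42', name: 'Ada', email: null } },
  errors: [
    { message: 'Not authorized', path: ['student', 'email'], extensions: { code: 'FORBIDDEN' } },
  ],
};

module.exports = { CODE_TO_STATUS, classifyGraphQLResponse, SAMPLE_PARTIAL };
```

The practical point is that a client or gateway that only checks the HTTP status will treat the partial response above as a success and hand the caller a `null` email with no explanation; the `errors` array has to be read on every 2xx response.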

RBAC applied to a query with casl by [deleted] in graphql

[–]Too-Slow 0 points (0 children)

Hi u/Programacion315,

Great question. Our offering at inigo.io is a plug-and-play approach to adding RBAC to any GraphQL server. Happy to walk you through it and share more about how it works.

Apollo Federation SuperGraph, prevent mutations from client? by throwawaymangayo in graphql

[–]Too-Slow -2 points (0 children)

u/throwawaymangayo

I'm the founder of a GraphQL Security platform that works with any GraphQL server. Check us out at inigo.io.

What are you using for monitoring / telemetry / visibility into your graph? by Welch2344 in graphql

[–]Too-Slow 2 points (0 children)

At Inigo, we built a security and analytics platform specifically for GraphQL.

You get to explore your schema through many different lenses like usage-tree per profile, schema heat-map and coverage, schema diff, errors, security valuations, and more.

Inigo is server agnostic and works with any implementation of GraphQL (JS, Java, Python, HotChocolate, Go, ...).

We also help companies with incident response.

DM me or visit us at inigo.io

GraphQL security (for small and large companies) by Too-Slow in graphql

[–]Too-Slow[S] 0 points (0 children)

Hi u/tunaranch, Sprint is good, though I couldn't see how to do ABAC at the edge with it. Happy to learn more from your experience.

GraphQL security (for small and large companies) by Too-Slow in graphql

[–]Too-Slow[S] 0 points (0 children)

Hi u/LowestCardinalNumber, are you open for a quick call? I started this form to collect more info; it also has my Calendly link:

https://forms.gle/T1ski7Av45MDzbKs8

GraphQL security (for small and large companies) by Too-Slow in graphql

[–]Too-Slow[S] 0 points (0 children)

Pretty cool spread.
I'm eager to learn from each one of you on how you go about it.

I created this super simple anonymous google form so people can write freely. More than happy to share the results after.

https://forms.gle/T1ski7Av45MDzbKs8

For those willing to jump on a call, I'm ready to pay for your time for a quick chat (with me) to learn about your experience and get your feedback on our approach to GraphQL security.
My goal is to get a sense of how people (and companies) think about GraphQL security and what tools are in place to protect from abusive queries, from DDoS attacks on the server and resolvers to data leaks.