Graphql-Threat-Matrix : GraphQL Threat Framework Used By Security Professionals

graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations.

The differences in how GraphQL implementations interpret and conform to the GraphQL specification may lead to security gaps and unique attack vectors. By analyzing and comparing the factors that drive the security risks across different implementations the GraphQL ecosystem can make safer deployment decisions as well as collectively advance the security maturity of all implementations.

Legend
✅  – Enabled by Default
⚠️  – Disabled by Default
❌  – No Support

Implementation	Validations	Field Suggestions	Query Depth limit	Query Cost Analysis	Automatic Persisted Queries	Introspection	Debug Mode	Batch Requests
wp-graphql	38	✅	⚠️	❌	❌	⚠️	⚠️	✅
graphql-php	37	✅	⚠️	⚠️	❌	✅	⚠️	⚠️
Apollo	34	✅	⚠️	⚠️	✅	✅	✅	✅
graphql-yoga	34	✅	⚠️	❌	❌	⚠️	⚠️	⚠️
graphene	34	✅	❌	❌	❌	✅	❌	⚠️
Ariadne	34	✅	⚠️	⚠️	❌	✅	⚠️	❌
Strawberry	34	✅	⚠️	❌	❌	✅	❌	❌
graphql-ruby	28	✅	❌	⚠️	⚠️	✅	❌	✅
Sangria	27	✅	⚠️	⚠️	❌	✅	❌	⚠️
Tartiflette	26	❌	❌	❌	❌	✅	❌	❌
graphql-java	26	✅	⚠️	⚠️	❌	✅	❌	⚠️
gqlgen	25	✅	❌	⚠️	⚠️	✅	⚠️	⚠️
Dgraph	25	✅	❌	❌	⚠️	✅	❌	❌
graphql-go	24	✅	❌	❌	❌	✅	⚠️	❌
juniper	24	❌	❌	❌	❌	✅	❌	⚠️
Diana.jl	10	✅	❌	❌	❌	✅	❌	❌
gql-dart/gql	9	✅	❌	❌	❌	✅	❌	❌
Agoo	1	❌	❌	❌	❌	✅	⚠️	❌

For Penetration Testers

Use graphw00f to fingerprint a target GraphQL API and determine the backend implementation.

Related

Graphw00F : GraphQL fingerprinting tool for GQL endpoints

September 22, 2021

In "Kali Linux"

GraphQL Cop : Security Auditor Utility For GraphQL APIs

April 11, 2022

In "Kali Linux"

Damn Vulnerable GraphQL Application

February 19, 2021

In "Kali Linux"

R K

Next PEzor-Docker : With The Help Of This Docker Image, You Can Easily Access PEzor On Your System! »

Previous « Malicious-Pdf : Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality

Leave a Comment

Share

Published by

R K

Tags: FrameworkGraphQLGraphql-Threat-MatrixSecurity Professionals

3 years ago

Recent Posts

Cyber security

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

22 hours ago

TECH

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

5 days ago

TECH

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

5 days ago

OSINT

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

6 days ago

Cyber security

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

1 month ago

Linux

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

1 month ago

L