GraphQL Security Hub

Not surprisingly, the question of GraphQL in government -- or highly regulated -- spaces is a topic that is broached somewhat regularly. Of course, no post about regulated industries (finance, banking, healthcare, public-sector, etc) is complete without a consideration of security and compliance.

This document will outline Hasura’s security-first approach to running our own services, the security tooling we provide that allows our customers to pursue OWASP compliance and our commitment to achieving high marks according to the SAMM maturity model.

In this post, we will look at how to secure GraphQL APIs with various defense mechanisms available in Hasura Cloud. Without the right protections, you are opening up your application network to malicious attacks and potentially exposing data in some cases.

In this post, we will look at various aspects of taking a GraphQL API to production and how Hasura helps you through the process seamlessly with it's advanced security and production ready features.