Automated GraphQL Application Security Testing

We’ve all heard the buzz around pushing application security into the hands of developers. But if you’re like most companies, it has been hard to actually make this a reality. You aren’t alone – putting the culture, processes, and tooling in place to make this happen is tough, especially for sophisticated applications like those backed by GraphQL. In this hands-on technical session, StackHawk Senior DevOps Engineer Zachary Conger will walk through how to protect your GraphQL APIs from vulnerabilities using automated security testing. Get ready to roll up your sleeves for automated AppSec testing.
Speaker
Zachary Conger
Solutions Architect, StackHawk

Other recordings

WORKSHOP
Getting Started with Hasura
In this 90-minute workshop, you will set up a powerful, scalable, realtime GraphQL backend complete with queries, mutations, and subscriptions. You will also learn how Hasura helps you integrate custom business logic (in any programming language), both as custom GraphQL APIs that you write yourself and as event triggers that run asynchronously in response to database events.
Takeaways
  • Hasura basics: use Hasura to generate a realtime GraphQL API backed by a Postgres database
  • Authorization: set up permission rules so that app users can only run operations on data they are allowed to access
  • Authentication: integrate a JWT-based auth provider (Auth0) with Hasura
  • Remote schemas: add a custom GraphQL resolver to serve data that is not in the database
  • Event triggers: run business logic on the backend in response to database events
Requirements
  • Familiarity with GraphQL
Arjun Yelamanchili
GraphQL Education, Hasura
View Recording
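The authorization and authentication takeaways above come down to two things Hasura does on every request: it validates the JWT and reads the claims under the https://hasura.io/jwt/claims namespace (the permitted roles, the default role, and session variables such as x-hasura-user-id), and it applies the requesting role's permission filter with those session variables substituted in. The block below is an added example, not code from the page, the workshop or Hasura, that reproduces both steps in stdlib Python. It assumes an HS256 shared secret and mints the token locally where the workshop uses Auth0 (which would sign with RS256 and add the claims from an Action); the orders table and its two permission rules are constructed for the example.

```python
# Hasura-style JWT auth + row-level permissions, reduced to stdlib Python.
# Constructed example (not Hasura's or Auth0's code): the auth provider is
# simulated with an HS256 shared secret, where Auth0 would sign with RS256 and
# add the Hasura claims from an Action. Claim names and namespace are the ones
# Hasura reads; the table and the permission rules are invented.
import base64
import hashlib
import hmac
import json
import time

HASURA_NS = "https://hasura.io/jwt/claims"
SECRET = b"constructed-demo-secret-use-32-plus-random-bytes"  # assumed shared key


class AuthError(Exception):
    pass


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(user_id, allowed_roles, default_role, ttl=3600, now=None):
    """Issued by the auth provider: Hasura claims carry the permitted roles and
    the session variables the permission rules refer to."""
    now = int(time.time()) if now is None else now
    payload = {"sub": user_id, "iat": now, "exp": now + ttl,
               HASURA_NS: {"x-hasura-allowed-roles": allowed_roles,
                           "x-hasura-default-role": default_role,
                           "x-hasura-user-id": user_id}}
    parts = [_b64url(json.dumps(o, separators=(",", ":")).encode())
             for o in ({"alg": "HS256", "typ": "JWT"}, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def session_from_token(token, requested_role=None, now=None):
    """Per request, as Hasura does: verify the JWT, then choose the role.
    requested_role stands in for the X-Hasura-Role header and is honoured only
    if x-hasura-allowed-roles lists it; otherwise the default role applies."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        raise AuthError("malformed token")
    if json.loads(_unb64url(h64)).get("alg") != "HS256":  # no 'none', no alg confusion
        raise AuthError("unexpected alg")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s64)):
        raise AuthError("bad signature")
    payload = json.loads(_unb64url(p64))
    if payload.get("exp", 0) <= now:
        raise AuthError("token expired")
    claims = payload.get(HASURA_NS) or {}
    role = requested_role or claims.get("x-hasura-default-role")
    if role not in claims.get("x-hasura-allowed-roles", []):
        raise AuthError(f"role {role!r} not permitted for this token")
    session = {k: v for k, v in claims.items()
               if k not in ("x-hasura-allowed-roles", "x-hasura-default-role")}
    session["x-hasura-role"] = role
    return session


# Select permissions in the shape Hasura metadata uses: one filter per role; a
# string naming a session variable is substituted per request.
ORDERS_SELECT_PERMISSIONS = {
    "user": {"filter": {"user_id": {"_eq": "X-Hasura-User-Id"}}},
    "admin": {"filter": {}},  # empty filter: every row
}
ORDERS = [  # constructed table contents
    {"id": 1, "user_id": "u-1", "total": 10},
    {"id": 2, "user_id": "u-2", "total": 20},
    {"id": 3, "user_id": "u-1", "total": 30},
]


def select_rows(rows, session):
    """Apply the session role's filter; a role with no entry sees nothing."""
    perm = ORDERS_SELECT_PERMISSIONS.get(session["x-hasura-role"])
    if perm is None:
        raise AuthError("role has no select permission on orders")

    def resolve(value):  # "X-Hasura-User-Id" -> the session variable's value
        if isinstance(value, str) and value.lower().startswith("x-hasura-"):
            return session[value.lower()]
        return value

    return [r for r in rows if all(r.get(col) == resolve(cond["_eq"])
                                   for col, cond in perm["filter"].items())]
```

With a token minted for user u-1 whose allowed roles are user and admin, `select_rows(ORDERS, session_from_token(token))` returns only u-1's orders, while passing `"admin"` as the requested role returns every row. A token whose allowed roles do not include admin raises on the same call, which is the check that stops a client from picking its own role through the X-Hasura-Role header; a token with an edited payload fails the signature comparison before its claims are ever read.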
WORKSHOP
Creating and Federating Data Across a Unified GraphQL API
Most organizations use multiple datastores. There are many reasons your organization might be looking to adopt a new datastore - for example, to move certain workloads of an existing application to a specialized datastore, or to set up a modern application on a new database.

In this talk, we’ll cover how you can set up a unified GraphQL API for your organization so that you can access data from existing and new data sources (databases, microservices, and GraphQL or REST SaaS services) simultaneously, while offering your developers a consistent API experience.
Takeaways
  • Accessing all your data with a unified GraphQL API no matter where it lives
  • A deep dive on Hasura’s remote join features
  • An overview of setup, security (authorisation), and performance
Requirements
  • Familiarity with Hasura & GraphQL
Praveen Durairaju
Developer Advocate, Hasura
View Recording
WORKSHOP
Securing your GraphQL API with Hasura
In this live workshop, we will show you how to add enterprise-grade security to your GraphQL API. We will start by introducing the basic security principles that are common across API development, then review the measures specific to GraphQL, and finally look at how you can apply these measures easily using Hasura.
Requirements
  • Familiarity with GraphQL
  • Familiarity with Hasura
David Ventimiglia
Solutions Engineer, Hasura
View Recording
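The abstract above does not list which GraphQL-specific measures the workshop covers. Three that any GraphQL deployment needs, and that Hasura offers as configuration among others, are an operation allow list, disabling introspection in production, and limiting query depth so that a nested query cannot fan out into an expensive join tree. The block below is an added example, not code from the page, the workshop or Hasura, that applies those three checks to an incoming operation the way a gateway would. The hash-based allow-list matching is the example's own scheme rather than Hasura's, and the sample operations are constructed; the one point worth taking from it is that depth must be measured after fragment spreads are inlined, since a limiter that counts braces in the operation body alone is bypassed by hiding the nesting in fragments.

```python
# GraphQL-specific request gating: operation allow list, introspection blocking
# and selection-depth limiting. Constructed example, not Hasura's code: the
# hash-based allow list is this script's own scheme; depth is measured after
# inlining fragment spreads, which is what makes the limit hard to bypass.
import hashlib
import re

FRAGMENT_DEF = re.compile(r"\bfragment\s+(\w+)\s+on\s+\w+")
FRAGMENT_SPREAD = re.compile(r"\.\.\.\s*(?!on\b)(\w+)")  # ...Name, not "... on Type"
INTROSPECTION = re.compile(r"\b__(schema|type)\b")  # __typename is not introspection


def strip_strings_and_comments(q: str) -> str:
    """Blank out string literals and # comments so their braces never count."""
    out, i, n = [], 0, len(q)
    while i < n:
        if q.startswith('"""', i):  # block string
            j = q.find('"""', i + 3)
            i = n if j < 0 else j + 3
            out.append('""')
        elif q[i] == '"':  # plain string; step over escaped characters
            i += 1
            while i < n and q[i] != '"':
                i += 2 if q[i] == "\\" else 1
            i += 1
            out.append('""')
        elif q[i] == "#":  # comment runs to end of line
            while i < n and q[i] != "\n":
                i += 1
        else:
            out.append(q[i])
            i += 1
    return "".join(out)


def _block(q: str, start: int):  # body and end offset of the {...} block at q[start]
    depth = 0
    for i in range(start, len(q)):
        depth += {"{": 1, "}": -1}.get(q[i], 0)
        if depth == 0:
            return q[start + 1:i], i + 1
    raise ValueError("unbalanced braces")


def inline_fragments(q: str) -> str:
    """Expand every ...Name spread in place so depth hidden in fragments shows."""
    frags, spans = {}, []
    for m in FRAGMENT_DEF.finditer(q):
        body, end = _block(q, q.index("{", m.end()))
        frags[m.group(1)] = body
        spans.append((m.start(), end))
    for start, end in reversed(spans):  # drop the definitions themselves
        q = q[:start] + q[end:]

    def expand(m):
        if m.group(1) not in frags:
            raise ValueError(f"unknown fragment {m.group(1)}")
        return " " + frags[m.group(1)] + " "

    for _ in range(32):  # spreads nest; a cycle is invalid GraphQL, so bail out
        q, count = FRAGMENT_SPREAD.subn(expand, q)
        if count == 0:
            return q
    raise ValueError("fragment spread cycle")


def selection_depth(q: str) -> int:
    """Deepest selection-set nesting; braces inside (...) are input objects."""
    q = inline_fragments(strip_strings_and_comments(q))
    depth = deepest = parens = 0
    for c in q:
        if c in "()":
            parens += 1 if c == "(" else -1
        elif parens == 0 and c in "{}":
            depth += 1 if c == "{" else -1
            deepest = max(deepest, depth)
    if depth or parens:
        raise ValueError("unbalanced braces or parentheses")
    return deepest


def operation_hash(q: str) -> str:  # allow-list key: SHA-256 of whitespace-normalised text
    return hashlib.sha256(re.sub(r"\s+", " ", q).strip().encode()).hexdigest()


def gate_query(query, max_depth=5, allow_list=None, allow_introspection=False):
    """Return (accepted, reason), applying the checks in gateway order."""
    if allow_list is not None and operation_hash(query) not in allow_list:
        return False, "operation not in allow list"
    if not allow_introspection and INTROSPECTION.search(strip_strings_and_comments(query)):
        return False, "introspection is disabled"
    try:
        depth = selection_depth(query)
    except ValueError as err:
        return False, f"malformed query: {err}"
    if depth > max_depth:
        return False, f"selection depth {depth} exceeds limit {max_depth}"
    return True, f"depth {depth}"


# Constructed samples: a normal query, a nesting attack, the same nesting hidden
# behind fragment spreads, and an introspection probe.
OK_QUERY = 'query { orders(where: {status: {_eq: "open"}}) { id items { sku } } }'
DEEP = "query Abuse { users { posts { comments { author { posts { comments { id } } } } } } }"
HIDDEN = """query Hidden { users { ...Deeper } }
fragment Deeper on User { posts { ...Deeper2 } }
fragment Deeper2 on Post { comments { author { posts { id } } } }"""
INTRO = "query { __schema { types { name } } }"
```

`gate_query(OK_QUERY)` accepts at depth 3, `gate_query(DEEP)` rejects at depth 7, and `gate_query(HIDDEN)` rejects at depth 6 only because the two fragments were inlined first. Braces inside argument lists are ignored, so Hasura-style `where: {...}` input objects do not inflate the count; braces of inline fragments (`... on Type { }`) are still counted, which over-estimates depth and so fails safe. Unknown fragments and spread cycles are reported as malformed rather than passed through.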
WORKSHOP
Reusing REST APIs with Hasura
Last year we introduced request and response transforms, a feature that lets you add existing REST APIs to Hasura. In this 90-minute lecture we will introduce you to Hasura’s request transforms and show you how to integrate REST services into an existing GraphQL API.
Requirements
  • Familiarity with GraphQL
  • Familiarity with Hasura
Benoit Ranque
Support Engineer, Hasura
View Recording
WORKSHOP
Developer Superpowers with Postgres
Postgres is an advanced, enterprise-class open-source relational database backed by over 30 years of community development. It is the backbone database of many key technologies and apps we use every day.
Join us in this talk to learn about the Postgres superpowers that help you optimise your deployment, improve quality, and improve developer economics.
Requirements
  • Basic fundamentals of relational databases (Postgres preferred)
  • Understanding of Hasura platform
Takeaways
  • Optimisation techniques for operating Postgres
Prashant Dagar
Infrastructure & Data management specialist, Google
View Recording
WORKSHOP
Build a Modern GraphQL Server using GraphQL Yoga and the Modern JS Ecosystem Tools
In this workshop we'll build a GraphQL Yoga server from scratch and cover how you can use Yoga inside frontend frameworks like Next.js. We'll also look through the Envelop plugin ecosystem and what can be added to Yoga to customize it fully to your needs.
Jamie Barton
Teaching GraphQL, GraphQL WTF, The Guild
View Recording