[🏫 In-Person] Access Control Vulnerabilities in GraphQL with Bogdan Tiron 🔞

This event will be a single talk on Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study with Bogdan Tiron

⚠️ This will be an in-person event, the venue is Sheffield Tech Parks.

• 📌 Google Maps: https://maps.app.goo.gl/xm9z5Wr97QbefVCP7
• 🚗 Parking: Sheffield Tech Parks have limited parking, however provide free parking to our guests! Once at the barriers phone 0114 221 1800 and they'll let you in.

Agenda:

• 🍕 Pizza/Drinks (18:15 - 18:30)
• 🗣 Introduction (18:30)
• 👉 Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study
  (18:35ish)
• 🍻 Social @ Pub (after the talk)

👉 Examining Access Control Vulnerabilities in GraphQL 🔞
This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users’ personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations , real-world examples of security lapses, their impact and remediation.

📋 Code of Conduct
We want dotnetsheff to be a welcoming and respectful community for everyone. Please take a moment to read and follow our guidelines:

• ✅ We’re committed to providing a harassment-free experience for all attendees.
• ✅ Please be sensible with drinks – we want everyone to feel comfortable.
• ✅ Remember, we host dotnetsheff in a shared co-working space. All food, drinks, and biscuits at the venue belong to Sheffield Tech Parks – please don’t take anything that isn’t provided for the meetup.
• ✅ Let’s work together to create a friendly, inclusive, and supportive environment.