[🏫 In-Person] Access Control Vulnerabilities in GraphQL with Bogdan Tiron 🔞

This event will be a single talk on Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study with Bogdan Tiron

⚠️ This will be an in-person event, the venue is Sheffield Tech Parks.

• 📌 Google Maps: https://maps.app.goo.gl/xm9z5Wr97QbefVCP7
• 🚗 Parking: Sheffield Tech Parks have limited parking, however provide free parking to our guests! Once at the barriers phone 0114 221 1800 and they'll let you in.

Agenda:

• 🍕 Pizza/Drinks (18:15 - 18:30)
• 🗣 Introduction (18:30)
• 👉 Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study
  (18:35ish)
• 🍻 Social @ Pub (after the talk)

👉 Examining Access Control Vulnerabilities in GraphQL 🔞
This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users’ personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations , real-world examples of security lapses, their impact and remediation.