Kirk Jackson: Securing GraphQL without going around in circles
Details
Hope everyone who attended OWASP New Zealand Day up in Auckland had an awesome time! If you missed the event, slide decks for many of the talks are available at https://appsec.org.nz/conference/.
Attending
We're hosting this meetup at PrivSec, located on Level 7, 117 Lambton Quay in the Wellington CBD. The talk kicks off at 6pm, but we'll have some snacks beforehand. Arrive any time from 5:30pm onwards!
Please RSVP if you're looking to attend so we can gauge numbers! If you are unwell, please RSVP "no" and do not attend. We look forward to seeing you when you're well.
In the event the doors/lifts are locked, please contact Jack Moran on 022 313 9028.
Presentation Details
GraphQL is gaining traction as a way to expose your APIs with a consistent interface. By acting as a common layer in front of your internal APIs and microservices, GraphQL proxies and transforms your API traffic and provides a rich query syntax that makes for a great developer experience.
However, all good things come at a cost, and simplicity on the front-end hides complexity beneath. In this talk we will explore the challenges of securing a GraphQL API, and share some strategies for making your APIs more secure.