Thursday 

Room 5 

13:40 - 14:40 

(UTC+02

Talk (60 min)

Don't Panic: A Developer's Guide to Building Secure GraphQL APIs

The adoption of GraphQL APIs in production is increasing. Sure, you can declaratively fetch the data you need, but could over-fetching be dangerous?

Security
JavaScript

While teams use this query language to create fast, flexible APIs, they inadvertently expose their systems to new attack vectors.

This session will cover the dos and don'ts of designing secure GraphQL APIs by highlighting case studies and their OWASP risks. The goal is to give you the tools to proactively plan for threats earlier in the API lifecycle. You'll also learn about the challenges and security risks that GraphQL APIs face compared to other popular API specifications and standards.

Meenakshi Dhanani

Meenakshi works as a Developer Relations Engineer for GraphQL at Postman, an API platform with over 20 million users. Her team focuses on many API specifications, including GraphQL, gRPC, AsyncAPI, JSON Schema, and OpenAPI. Her current emphasis is on learning about and communicating best practices with GraphQL. Her Google Maps search history includes vegan restaurants and parks nearby.