New CS: GraphQL (#434) · OWASP/CheatSheetSeries@8dddd88

Commit

New CS: GraphQL (#434)

* feat: add first draft of GraphQL Cheat Sheet

* chore: fix formatting to match guidelines

* chore: md clean up

* chore: header tweaks

* revision 1 based on feedback

* Add ORM/ORD feedback from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* Add tool vs API feedback from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* Adding DoS change from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* Another DoS change from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* Add missing parenthesis to link

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* adding real content for OS DoS placeholders

* added an example attack query for amount limiting

* touched up the DoS section a bit

* rearranging IDOR to be under the access control section

* Important wording fix from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* IDOR clarification from PauloASilva

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* move content to new insecure defaults section

* add content for batch attacks; clean up other loose ends

* Add batching attack mitigation for DOS attacks, from Paulo

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

* add content changes/additions per Paulo's suggestions

* Fix wording and add proper input validation CS link

Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com>

* Letting ThunderSon fix up some javascript

Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com>

* changes based on ThunderSon's feedback

* Update cheatsheets_draft/GraphQL_Cheat_Sheet.md

Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com>

* fixing remaining CS links

* changing WSTG from latest to stable

* Fixing javascript code snippet

Co-authored-by: PauloASilva <pauloasilva@gmail.com>

Co-authored-by: Elie Saad <eliesaad7@gmail.com>
Co-authored-by: PauloASilva <pauloasilva@gmail.com>
Co-authored-by: ThunderSon <32433575+ThunderSon@users.noreply.github.com>