New CS: GraphQL Security Cheat Sheet #427
Conversation
updating to latest from original repo
|
Had an initial quick skim over this. It looks like a nice place to grow it out into a beautiful CS. No crucifying for now. Set in draft mode till we're a bit more convinced on the structure and the potential of what it could contain. Next stage a larger expansion of it. So first, have a robust skeleton with the details in there and with additional research. Second, making this into a full CS that is ready for production. |
|
No crucifying for now.
Our good friend ThunderSon meant to say, no crucifying *ever* and we are
grateful for your volunteer efforts!!
=)
Aloha, Jim
|
|
I like it so far! I will add some comments after @ThunderSon will update structure/format. Good job @bigshebang! |
|
Thanks all! Excited to get this CS out there for the world to use. |
|
@bigshebang please create a new PR with a new branch. Master branches aren't fun playing with when things go sideways :) |
|
Moving this to a different PR with a new branch. |
|
See new PR here: #434. |
This PR covers issue #421
Don't crucify me, but I didn't check for any policy violations or use the New CS template. Just wanted to get my content here first as quickly as I could. I did check up with the conversion rules though and should be compliant with that.
This content is a copy (with small editing) of a quick cheat sheet I made for developers. I made this probably the same day that I started actually learning about breaking GraphQL and I'm still not very experienced testing it. I drew from online content like OWASP and Apollo GraphQL and from colleagues with more experience breaking GraphQL.
Some definite improvements that can be made: