A Comprehensive Study of GraphQL Security Challenges
DOI:
https://doi.org/10.47392/IRJAEM.2025.0203
Keywords:
GraphQL, Security Vulnerabilities, API Security, Denial of Service (DoS), Injection Attacks, Authentication and Authorization Bypass, Request Forgery, Introspection
Abstract
GraphQL is a highly flexible query language used to build flexible APIs. It offers clear benefits over conventional APIs because of its flexible nature and expressive queries. Despite these benefits, its dynamic nature and the absence of built-in security mechanisms leave it exposed to critical attacks such as injection attacks, denial of service (DoS) attacks, broken authentication and authorization, request forgery, schema introspection, and improper exception handling. Through a detailed study, this paper shows how an attacker can target GraphQL APIs using a variety of attacks. The paper explains real-world attack methods with diagrams and examples, including how GraphQL endpoints are detected, how the server can be overloaded with complex queries, how malicious input is injected, how credentials are brute-forced, and how requests are forged on the client and server sides.
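Two of the risks the abstract names, overloading the server with deeply nested queries and disclosing the schema through introspection, are commonly addressed by a pre-execution gate on the query document. The following is an added illustration written for this page and is not code from the paper or from any GraphQL library: it computes the selection-set nesting depth of a raw query string and checks for the standard `__schema` and `__type` introspection root fields, rejecting the request before a resolver runs. The depth limit of 5 is an assumed policy value, the sample queries are constructed, and the tokenizer is deliberately minimal (string literals, comments and argument lists are blanked so that braces inside them are not counted) rather than a full GraphQL parser.

```python
"""Pre-execution gate for GraphQL query documents (added example, not the paper's code).

Enforces a maximum selection-set depth and blocks introspection fields using only
the standard library. Depth is counted as the number of nested selection sets,
with the operation's top-level set counted as depth 1.
"""
import re
from dataclasses import dataclass

MAX_DEPTH = 5                                   # assumed policy value; tune per API
INTROSPECTION_FIELDS = {"__schema", "__type"}   # GraphQL introspection root fields


@dataclass
class GateResult:
    allowed: bool
    max_depth: int
    reason: str = ""


def _strip_strings_and_comments(query: str) -> str:
    """Replace "..." strings, block strings and # comments with spaces so that
    braces inside them do not affect the depth count."""
    out, i, n = [], 0, len(query)
    while i < n:
        if query.startswith('"""', i):
            end = query.find('"""', i + 3)
            end = n if end == -1 else end + 3
            out.append(" " * (end - i)); i = end
        elif query[i] == '"':
            j = i + 1
            while j < n and query[j] != '"':
                j += 2 if query[j] == "\\" else 1   # skip escaped characters
            j = min(j + 1, n)
            out.append(" " * (j - i)); i = j
        elif query[i] == "#":
            j = query.find("\n", i)
            j = n if j == -1 else j
            out.append(" " * (j - i)); i = j
        else:
            out.append(query[i]); i += 1
    return "".join(out)


def _blank_argument_lists(text: str) -> str:
    """Blank everything inside (...) so input-object literals such as
    (filter: {a: {b: 1}}) are not mistaken for selection sets."""
    out, level = [], 0
    for ch in text:
        if ch == "(":
            level += 1; out.append(" ")
        elif ch == ")":
            level = max(level - 1, 0); out.append(" ")
        else:
            out.append(ch if level == 0 else " ")
    return "".join(out)


def max_selection_depth(query: str) -> int:
    """Return the deepest selection-set nesting; raise on unbalanced braces."""
    cleaned = _blank_argument_lists(_strip_strings_and_comments(query))
    depth = peak = 0
    for ch in cleaned:
        if ch == "{":
            depth += 1; peak = max(peak, depth)
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced braces in query")
    if depth != 0:
        raise ValueError("unbalanced braces in query")
    return peak


def uses_introspection(query: str) -> bool:
    cleaned = _strip_strings_and_comments(query)
    return any(re.search(rf"\b{f}\b", cleaned) for f in INTROSPECTION_FIELDS)


def gate(query: str, max_depth: int = MAX_DEPTH, allow_introspection: bool = False) -> GateResult:
    """Decide whether a query document may be handed to the executor."""
    try:
        depth = max_selection_depth(query)
    except ValueError as exc:
        return GateResult(False, 0, str(exc))
    if not allow_introspection and uses_introspection(query):
        return GateResult(False, depth, "introspection is disabled on this endpoint")
    if depth > max_depth:
        return GateResult(False, depth, f"depth {depth} exceeds limit {max_depth}")
    return GateResult(True, depth)


# Constructed sample documents (not taken from the paper).
BENIGN_QUERY = 'query { user(id: "u1") { name posts { title } } }'
DEEP_QUERY = "query { a { b { c { d { e { f } } } } } }"
INTROSPECTION_QUERY = "{ __schema { types { name } } }"
TRICKY_QUERY = 'query { user(filter: { a: { b: { c: 1 } } }, note: "{{{") { name } }  # {{'

if __name__ == "__main__":
    for name, q in [("benign", BENIGN_QUERY), ("deep", DEEP_QUERY),
                    ("introspection", INTROSPECTION_QUERY), ("tricky", TRICKY_QUERY)]:
        print(f"{name:14} {gate(q)}")
```

The `TRICKY_QUERY` case is the one worth noting: braces inside an input-object argument, a string literal and a trailing comment would inflate a naive brace counter to depth 7, while the real selection depth is 2. In production this check is normally expressed as a validation rule on the parsed AST (most GraphQL servers expose such hooks), where it can also be combined with a per-field cost estimate and a limit on aliases, which the depth count alone does not capture.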
Copyright (c) 2025 International Research Journal on Advanced Engineering and Management (IRJAEM)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.