GraphQL has been a technology I’ve been focusing a lot on in my day job. GraphQL is a query language made by Facebook, and can be an alternative to REST.
I have spent quite some time researching how to defend GraphQL properly. My journey into researching GraphQL included searching for a Damn Vulnerable version of GraphQL, which didn’t exist, at least not one that covered all the major issues with GraphQL in a way that satisfied me.
Long story short, I created a Damn Vulnerable GraphQL Application that allows exploring GQL as a technology, while also providing a safe environment to attack a poorly implemented GraphQL setup. In addition, there’s a focus on educational content for defenders, suitable for both GQL experts and novices.
DVGA can be found on my GitHub.