Secure a GraphQL Application With F5 AWAF
Feb 14, 2022
GraphQL is an open-source data query and manipulation language for APIs, and a runtime for fulfilling queries with existing data. It was developed internally by Facebook in 2012 and is now part of the Linux Foundation. GraphQL is a new API technology that is gaining traction in the market and, like any other API, it has attack vectors that can be exploited. Starting with Advanced WAF v16.1, F5 natively supports security for GraphQL APIs.
A CI/CD pipeline controls the deployment of the vulnerable application (DVGA), the declarative WAF policy and the DAST session execution, simulating a modern development environment. The pipeline uses Terraform to deploy DVGA in a Kubernetes environment, deploys the WAF policy via AS3, kicks off the ZAP session and, finally, collects the learning suggestions.