GraphQL, the open-source query language for application programming interfaces (APIs), is very powerful. With great power comes great responsibility, as Spider-Man reminds us, and sometimes developers go badly wrong. That’s exactly what happened, according to Salt Security, a leading API security company, whose researchers found a GraphQL API authorization vulnerability in a B2B financial technology (FinTech) platform.
Whoops.