modules/4-graphql.livemd
+1-1
@@ -21,7 +21,7 @@ Introspection queries are a way of enumerating a particular GraphQL implementati
21
21
22
22
If you are familiar with databases, this is similar to gathering info on the [database schema](https://en.wikipedia.org/wiki/Database_schema) that includes information about table names, fields, database, structure etc.
23
23
24
-
Malicious actors in their information gathering/reconnaissnce efforts can leverage this information as they look for ways to attack your application and construct malicious queries and requests to expose and compromise data.
24
+
Malicious actors in their information gathering/reconnaissance efforts can leverage this information as they look for ways to attack your application and construct malicious queries and requests to expose and compromise data.
25
25
26
26
Excessive Data Exposure is number 3 on OWASP's API Security Top 2019 and APIs with this issue return too much and/or sensitive information in response to incoming requests and queries. Although it provides a useful function for GraphQL developers, the information returned by introspection can help facilitate attack.
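Review bot: The last context line of this hunk (new line 26) still reads "OWASP's API Security Top 2019", which appears to be missing "10"; the list is the OWASP API Security Top 10 2019. The same sentence ends with "can help facilitate attack", which needs an article ("facilitate an attack"). Since this commit is already a wording fix in the neighbouring paragraph, consider correcting both here. The sentence changed on line 24 would also read more easily with "in their information gathering/reconnaissance efforts" set off by commas.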