Revenir au blog

Follow and Subscribe

Introducing GraphQL Inspection for the Fastly Next-Gen WAF

James Nguyen

Product Manager, Fastly

We are proud to announce that the Fastly Next-Gen WAF (powered by Signal Sciences) is now one of few API security solutions to offer GraphQL Inspection — expanding our coverage over your APIs, no matter what architecture or specification your developers use.

APIs represent a growing threat vector within app traffic and are top of mind for many developers — no surprise when you consider the rapid shift to public cloud and API-centric applications. In fact, Gartner predicts that API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications this year. 

Better performance, but more difficult to secure 

While REST and SOAP have played major roles in how APIs are written, GraphQL is quickly becoming a developer favorite for its efficiency, speed, and specificity. The strength of GraphQL over REST is that it allows the caller to request the exact information they need without returning any extraneous data. And this is done with a single call instead of making multiple roundtrips to the backend which decreases overall server strain. 

As is generally the case, in scenarios where information is more readily available, threats are going to be more abundant. That’s true with GraphQL, and there are a number of security implications that publishers and consumers should be aware of. In addition to GraphQL-specific attacks, GraphQL requests are also susceptible to all OWASP-style attacks, like XSS, CMDEXE, and SQLi.

Out-of-the-box GraphQL Inspection

Although GraphQL is quickly gaining popularity, few security solutions offer GraphQL Inspection. Our next-gen WAF offers coverage that detects, inspects, and blocks OWASP-style injection attacks, denial of service attacks, and other vulnerabilities that can target GraphQL APIs — all without any additional configuration on your part. 

If you want more customized protection, we provide the flexibility for you to define rules that are triggered by common GraphQL attack vectors, like maximum query depth or introspection attempts. Now you can take advantage of the benefits that GraphQL offers without taking on additional application security risk.

Start securing your GraphQL APIs today 

Security solutions must keep pace with technological advances. GraphQL Inspection moves the Fastly Next-Gen WAF to the forefront of API protection, providing increased API attack visibility and coverage, more flexibility for developers to work with the languages that fit into their workflows, and greater operational efficiency without putting your applications at risk. Check out our GraphQL Inspection datasheet for a deeper dive.

If you use our next-gen WAF and are currently using GraphQL for APIs, reach out to your account manager or sales@fastly.com to learn more and try our new GraphQL Inspection feature. And if you’re not yet a Fastly Next-Gen WAF customer, learn more now, including why 90% of our customers run our WAF in full blocking mode.