Attackers have sophisticated, automated methods of probing GraphQL deployments for security weaknesses. Passive research on an organization, innocuous queries to assess application behavior, and simple deduction to locate GraphQL APIs are all part of an attacker’s toolbox right now.
Read full article on Help Net Security