I started playing around with GraphQL around 2 years ago. I was stunned by the power of the technology. Especially: * The ability to dynamically fetch different attributes at runtime without having to change the API itself * Speed of the fetches, even with large datasets * Subscriptions - Ability for the API
This article comes (relatively) close on the heels of my talk at AppSec California. The talk was: > "An Attacker's Perspective of Serverless and GraphQL Applications" The slides for that talk are available here [https://github.com/we45/we45-Public-Presentations/blob/master/2019/AbhayBhargav_AppSecCali_SLS%26GQL.