GraphQL supports batching of multiple queries into a single request. This allows users to request multiple objects or multiple instances of objects efficiently. However, an attacker can utilize this functionality in order to perform a batching attack.
...
Batching attacks can be used to bypass many security measures enforced on sites. They can also be used to enumerate objects and attempt to brute force multi-factor authentication or other sensitive information.
Currently, you can only enable or disable request batching, but you cannot limit the number of requests in the batch.
See Batching Attacks section: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL
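A server-side check of the kind this issue asks for, as an added example (not code from this project): it caps the number of operations in an array-style batch before anything is executed. The names `check_batch`, `BatchRejected` and `make_batch`, the limit of 5 and the sample requests are assumptions constructed for illustration.

```python
import json

MAX_BATCH = 5  # assumed per-request cap; choose a value that fits the API


class BatchRejected(Exception):
    """Raised before execution; carries the HTTP status to return."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def check_batch(raw_body, batching_enabled=True, max_batch=MAX_BATCH):
    """Return the list of operations to execute, or raise BatchRejected.

    Covers array-style batching only: several aliased fields inside one
    query document count as a single operation here.
    """
    try:
        payload = json.loads(raw_body)
    except ValueError:  # also covers bytes that cannot be decoded
        raise BatchRejected(400, "body is not valid JSON")

    if isinstance(payload, dict):
        ops = [payload]  # ordinary single-operation request
    elif isinstance(payload, list):
        if not batching_enabled:
            raise BatchRejected(400, "batching is disabled")
        if not payload:
            raise BatchRejected(400, "empty batch")
        if len(payload) > max_batch:
            raise BatchRejected(400, f"batch of {len(payload)} exceeds limit {max_batch}")
        ops = payload
    else:
        raise BatchRejected(400, "body must be an object or an array")

    for op in ops:
        if not isinstance(op, dict) or not isinstance(op.get("query"), str):
            raise BatchRejected(400, "each operation needs a string 'query'")
    return ops


def make_batch(n):
    """Constructed sample input: n lookups of consecutive ids in one request."""
    query = "query($id: ID!) { user(id: $id) { name } }"
    return json.dumps([{"query": query, "variables": {"id": str(i)}} for i in range(n)]).encode()
```

Run the check before the request reaches the GraphQL executor, so a rejected batch costs one JSON parse rather than one resolver call per element.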