The adoption of GraphQL APIs in production is increasing. Sure, you can declaratively fetch the data you need, but could over-fetching be dangerous? While teams use this query language to create fast, flexible APIs, they inadvertently expose their systems to new attack vectors. This session will cover the dos and don'ts of designing secure GraphQL APIs by highlighting case studies and their OWASP risks. The goal is to give you the tools to plan for threats earlier in the API lifecycle proactively. In addition, you'll also learn about the challenges and security risks that GraphQL APIs face compared to other popular API specifications and standards. Check out our new channel: NDC Clips: @ndcclips Check out more of our featured speakers and talks at https://ndcconferences.com/ https://ndcoslo.com/