GraphQL Security

A query language that turns the API surface inside out: the client picks the shape of every response. This article covers the resolver model, schema disclosure via introspection and field suggestions, denial of service through batching, query depth and aliases, object-level IDOR through flexible arguments, CSRF on GET-based mutations, and the persisted-query defense that collapses most of it.