GatoGraphQL / GatoGraphQL

Interact with all your data in WordPress using GraphQL

Home Page:https://gatographql.com

Check if the GraphQL API plugin is protected against attacks

leoloso opened this issue

In the presentation Damn GraphQL - Defending and Attacking APIs by Dolev Farhi, a security researcher brings down a WordPress site by attacking the WPGraphQL endpoint, killing the DB in less than 20 seconds using a simple Python script. Frightening!

The same security researcher created Damn Vulnerable GraphQL Application to highlight several attack vectors against a GraphQL server.

Task: Attack a site running the GraphQL API for WordPress, and make an assessment if it withstands the attacks.

I'm the security engineer behind the DVGA/Damn GraphQL talk. I would be willing to take on this task if you need a pair of hands to test it out.

Hi @dolevf that would be awesome, thanks! (Btw, I loved your presentation!) I'll accept your help.

I still need to protect the server by query complexity analysis, though, and I can only implement it in a few months. I'll keep you updated.
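The query complexity analysis mentioned above is the usual defence against the resource-exhaustion attack described in the first post: estimate depth and cost before executing a query and reject anything over budget. The following is an added example, not Gato GraphQL code; it assumes WPGraphQL-style connections where a field carrying a `first` argument is a list whose children are multiplied by the requested page size.

```python
# Added example (not Gato GraphQL project code): a minimal query depth and cost
# estimator of the kind a query complexity guard would run before execution.
# Assumption: a field carrying a `first` argument is a list whose children are
# multiplied by the page size (PAGE_SIZE when the value is a variable).
import re

PAGE_SIZE = 10
TOKEN_RE = re.compile(r'[{}():]|[A-Za-z_][A-Za-z0-9_]*|-?\d+|"[^"]*"|\$\w+|\S')


def _selection(tokens, i, depth, mult):
    """Parse the selection set opened by tokens[i] == '{' and return
    (index after '}', deepest level, cost). Each field costs `mult`; children
    of a list field inherit mult * page size. Inline fragments add a level."""
    i, deepest, cost = i + 1, depth, 0
    while tokens[i] != "}":
        i += 1                                    # consume the field name
        if tokens[i] == ":":                      # alias: real field follows
            i += 2
        page = None
        if tokens[i] == "(":                      # scan arguments for first: N
            i += 1
            while tokens[i] != ")":
                arg, i = tokens[i], i + 1
                if tokens[i] == ":":
                    value, i = tokens[i + 1], i + 2
                    if arg == "first":
                        page = int(value) if value.isdigit() else PAGE_SIZE
            i += 1
        cost += mult                              # selecting the field itself
        if tokens[i] == "{":
            i, d, c = _selection(tokens, i, depth + 1, mult * (page or 1))
            deepest, cost = max(deepest, d), cost + c
    return i + 1, deepest, cost


def analyze(query):
    """Return (max_depth, estimated_cost) for a GraphQL query document."""
    tokens = TOKEN_RE.findall(re.sub(r"#[^\n]*", "", query))
    _, depth, cost = _selection(tokens, tokens.index("{"), 1, 1)
    return depth, cost


def is_allowed(query, max_depth=6, max_cost=1000):
    """Reject the request before execution if it exceeds either budget."""
    depth, cost = analyze(query)
    return depth <= max_depth and cost <= max_cost


# Constructed sample queries in WPGraphQL connection style.
BENIGN = "{ posts(first: 5) { nodes { title } } }"
NESTED = ("{ posts(first: 100) { nodes { comments(first: 100) "
          "{ nodes { author { node { name } } } } } } }")
```

`analyze(BENIGN)` yields depth 3 and cost 11, while `analyze(NESTED)` yields depth 7 and cost 40201, so the nested query is refused before any database work happens.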