One year ago today, I wrote an article discussing NoSQL Injection and GraphQL. I praised GraphQL for eradicating the entire possibility of NoSQL Injection. I claimed that because GraphQL forces you to flesh out the entirety of your schema before you ever write a query, it’s effectively impossible to succumb to the incomplete argument checking that leads to a NoSQL Injection vulnerability. Put simp
![GraphQL NoSQL Injection Through JSON Types](https://cdn-ak-scissors.b.st-hatena.com/image/square/0df456652396436e3438f03eb49754ca44b1caee/height=288;version=1;width=512/http%3A%2F%2Fwww.petecorey.com%2Fimg%2FPete%2520and%2520Lyra%2520Square%2520300x300.png)