ASVS Requirement 4.3.1
- Level: 2
- Chapter: V4 API and Web Service
- Section: V4.3 GraphQL
- Source: 0x13-V4-API-and-Web-Service.md
Description
Verify that a query allowlist, depth limiting, amount limiting, or query cost analysis is used to prevent GraphQL or data layer expression Denial of Service (DoS) as a result of expensive, nested queries.
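One way to apply the depth-limiting option named in this requirement, shown as an added example that is not ASVS text or any project's own code: a pre-parse gate that measures field nesting, expands fragment spreads (so nesting cannot be hidden in fragments), and rejects fragment cycles. The function names and the use of `ValueError` are assumptions; the server's GraphQL parser and validation are assumed to still run afterwards.

```python
import re
# Added example (names are assumptions). Strings and comments are blanked before counting.
_NOISE = re.compile(r'"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\r\n])*"|#[^\r\n]*')
_TOKEN = re.compile(r'\.\.\.|[{}()@]|[_A-Za-z]\w*')

def _parse(query):
    toks = _TOKEN.findall(_NOISE.sub(' ', query)) + ['']
    defs, stack, depth, parens, inline = {}, [], 0, 0, False
    key, own, spreads = 0, 0, []      # int key: operation, str key: fragment name
    for t, nxt in zip(toks, toks[1:]):
        if t in ('(', ')'):
            parens += 1 if t == '(' else -1
        elif parens > 0:
            continue                  # argument values and input objects
        elif t == 'fragment' and not stack:
            key = nxt
        elif t == '...' and nxt in ('on', '{', '@'):
            inline = True             # inline fragment: braces add no field level
        elif t == '...':
            spreads.append((nxt, depth))
        elif t == '{':
            stack.append(0 if inline else 1)
            depth, inline = depth + stack[-1], False
            own = max(own, depth)
        elif t == '}':
            if not stack or key in defs:
                raise ValueError('unbalanced braces or duplicate fragment')
            depth -= stack.pop()
            if not stack:             # an operation or fragment definition ends
                defs[key] = (own, spreads)
                key, own, spreads = len(defs), 0, []
    if stack or parens:
        raise ValueError('unterminated document')
    return defs

def query_depth(query):
    """Deepest field nesting after expanding fragment spreads; ValueError if malformed."""
    defs, memo = _parse(query), {}
    def resolve(key):
        if key not in memo:
            memo[key] = None          # None marks "being expanded"
            own, spreads = defs[key]
            memo[key] = max([own] + [at + resolve(f) - 1 for f, at in spreads if f in defs])
        elif memo[key] is None:
            raise ValueError('fragment cycle')
        return memo[key]
    try:
        return max(map(resolve, defs), default=0)
    except RecursionError:
        raise ValueError('fragment chain too long') from None
```

Compare the returned depth with a limit chosen for the schema, and refuse the request before execution when the limit is exceeded or `ValueError` is raised.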