THREATS TO AVOID

There are many approaches to securing your GraphQL server against these queries, but none of them is bulletproof. It is important to know which options are available, understand their limits, and make the best decision based on them.

• Disable the well-known /graphql and /graphiql endpoints on the domain.
• Craft your own schema and avoid autogenerated SDL, which generates queries and mutations automatically.
• Input validation, authentication and authorization should never be forgotten.
• Never trust user input.
• Enforce a maximum query depth (roughly < 10), a query complexity limit and timeouts, and enable throttling based on server time and query complexity.
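The last bullet (depth limit, complexity limit, throttling) is the one most easily shown in code. The following is an added example written for this page, not code from the original slides or from any GraphQL library: a pre-execution guard that estimates a query's depth and complexity from the raw query text, rejects requests over configured limits, and charges accepted requests against a per-client complexity budget. The function names (analyzeQuery, guardQuery, CostBudget), the limits and the sample queries are all assumptions; a production server should derive depth and complexity from the parsed AST through its GraphQL library's validation rules rather than from this text-based approximation.

```javascript
// Added example (not from the original page): text-based depth/complexity
// guard plus a per-client complexity budget for a GraphQL endpoint.
// Assumed limits; the slide suggests a depth of roughly under 10.
const LIMITS = { maxDepth: 10, maxComplexity: 200 };

// Remove string literals, comments and argument lists so that braces inside
// them (for example object-valued arguments) are not mistaken for selection sets.
function normalize(query) {
  let q = query
    .replace(/"""[\s\S]*?"""/g, '""')     // block strings
    .replace(/"(?:\\.|[^"\\])*"/g, '""')  // regular strings
    .replace(/#[^\n]*/g, '');             // comments
  let prev;
  do { prev = q; q = q.replace(/\([^()]*\)/g, ''); } while (q !== prev); // nested parens
  return q;
}

// Depth = nesting level of selection sets (top-level fields are depth 1).
// Complexity = sum over fields of their depth, so nested fields cost more,
// approximating the fan-out of resolving a field once per parent object.
// Caveat: inline fragments add a brace level, so this slightly overestimates them.
function analyzeQuery(query) {
  const tokens = normalize(query).match(/\{|\}|\.\.\.|[A-Za-z_][A-Za-z0-9_]*|:|@/g) || [];
  let depth = 0, maxDepth = 0, complexity = 0, fields = 0;
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i], prev = tokens[i - 1], next = tokens[i + 1];
    if (t === '{') { depth += 1; maxDepth = Math.max(maxDepth, depth); continue; }
    if (t === '}') { depth -= 1; if (depth < 0) throw new Error('unbalanced braces'); continue; }
    if (depth === 0 || !/^[A-Za-z_]/.test(t)) continue;             // operation headers, punctuation
    if (next === ':') continue;                                     // alias; the real field follows
    if (prev === '...' || prev === 'on' || prev === '@') continue;  // spreads, type conditions, directives
    fields += 1;
    complexity += depth;
  }
  if (depth !== 0) throw new Error('unbalanced braces');
  return { depth: maxDepth, complexity, fields };
}

// Decide before execution; malformed input is rejected rather than parsed further.
function guardQuery(query, limits = LIMITS) {
  let stats;
  try { stats = analyzeQuery(query); } catch (e) { return { ok: false, reason: 'malformed', stats: null }; }
  if (stats.depth > limits.maxDepth) return { ok: false, reason: 'depth', stats };
  if (stats.complexity > limits.maxComplexity) return { ok: false, reason: 'complexity', stats };
  return { ok: true, reason: null, stats };
}

// Throttling: each client may spend at most `budget` complexity points per
// `windowMs`. The clock is injectable so the window logic can be tested.
class CostBudget {
  constructor(budget, windowMs, now = () => Date.now()) {
    this.budget = budget; this.windowMs = windowMs; this.now = now;
    this.clients = new Map();
  }
  charge(clientId, cost) {
    const t = this.now();
    let entry = this.clients.get(clientId);
    if (!entry || t - entry.start >= this.windowMs) {
      entry = { start: t, used: 0 };
      this.clients.set(clientId, entry);
    }
    if (entry.used + cost > this.budget) return false;
    entry.used += cost;
    return true;
  }
}

// Constructed sample queries (not taken from the original page).
const SHALLOW = 'query Friends { user { name friends { name friends { name } } } }';
const WITH_ARGS = '{ search(term: "a { b }", filter: {tag: "x"}) { id } }';
function nestedQuery(levels) { // friends-of-friends nested `levels` times
  let inner = 'name';
  for (let i = 0; i < levels; i++) inner = `friends { ${inner} }`;
  return `{ user { ${inner} } }`;
}

console.log('shallow:', guardQuery(SHALLOW));        // accepted, depth 4, complexity 15
console.log('deep:', guardQuery(nestedQuery(12)));   // rejected, reason 'depth'
const budget = new CostBudget(100, 1000);
console.log('budget:', budget.charge('client-a', guardQuery(SHALLOW).stats.complexity));
```

The guard runs before any resolver executes, which is the point: a query that is rejected on depth or complexity never touches the database, and the budget limits how much accepted work a single client can request per window. The text-based estimator is deliberately simple so the idea is visible; the same two numbers are what AST-based depth and cost-analysis validation rules compute more precisely.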