GraphQL Featured GraphQL Security Part I: Preventing 'traversal attacks' in your GraphQL API GraphQL APIs need authorization rules that prevent traversal attacks and granular rules to determine if a Viewer has access to a field.
