Escape GraphQL Security Testing

Escape GraphQL Security Testing is a Dynamic Application Security Testing (DAST) solution designed specifically for GraphQL applications. The tool provides native support for GraphQL's recursive nature and tests for GraphQL-specific vulnerabilities including batching attacks, aliasing issues, and deeply nested access control flaws. The platform tests GraphQL applications built on frameworks such as Apollo GraphQL and GraphQL Yoga. It identifies business logic flaws, Broken Object Level Authorization (BOLA), and Insecure Direct Object References (IDOR) vulnerabilities. The tool includes capabilities for testing authenticated endpoints with built-in authentication support for SSO, MFA, and browser-based authentication. Escape offers automated false positive removal and contextual risk scoring to assist with vulnerability triage. The platform generates auto-remediated code suggestions to help developers fix identified issues. Users can create custom rules and tests tailored to specific business flows. The solution integrates into CI/CD pipelines for continuous security testing throughout the software development lifecycle. It provides compliance reporting for standards including OWASP Top 10, PCI DSS, and SOC 2. The platform includes private location support for testing internal and private applications. Escape provides a public API and CLI for workflow automation and custom integrations. The tool generates reports for different audiences including executives, customers, and technical staff.