AppSync introspection endpoint enabled

firetail:aws-appsync-introspection-enabled

Type: Finding

Rule Severity: High

The AppSync GraphQL API has introspection enabled

With introspection enabled, unauthorized users could gain valuable insights into the API's schema, leading to an increased risk of attacks such as unauthorized access, data exposure, or malicious API manipulation. This weakens the security of the AppSync API, potentially exposing sensitive backend services and data to exploitation.

Remediation

Disable introspection on the AppSync GraphQL API.
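One way to identify and resolve this finding across an account, as an added example that is not FireTail's or AWS's own code: the functions below take API descriptions in the shape returned by boto3's appsync.list_graphql_apis() (a constructed sample is embedded so it runs offline), flag every API whose introspectionConfig is not DISABLED, and build the keyword arguments for appsync.update_graphql_api() that turn it off. The assumptions are that a missing introspectionConfig field means ENABLED (the service default) and that the parameter names copied into the update call (logConfig, userPoolConfig, openIDConnectConfig, additionalAuthenticationProviders, xrayEnabled, lambdaAuthorizerConfig, queryDepthLimit, resolverCountLimit) match the SDK version in use; the API ids, names and pool id in the sample are fake.

```python
# Added example (not FireTail's or AWS's code): detect AppSync APIs with
# introspection enabled and build the boto3 update_graphql_api() call that
# disables it. Assumes list_graphql_apis()-shaped input and that a missing
# "introspectionConfig" means ENABLED (the service default).
from typing import Any

RULE_ID = "firetail:aws-appsync-introspection-enabled"

# Constructed sample resembling list_graphql_apis()["graphqlApis"]; all ids are fake.
SAMPLE_APIS: list[dict[str, Any]] = [
    {"apiId": "api-orders-0001", "name": "orders", "authenticationType": "API_KEY",
     "introspectionConfig": "ENABLED"},
    {"apiId": "api-billing-0002", "name": "billing", "authenticationType": "AWS_IAM",
     "introspectionConfig": "DISABLED"},
    {"apiId": "api-legacy-0003", "name": "legacy",
     "authenticationType": "AMAZON_COGNITO_USER_POOLS",
     "userPoolConfig": {"userPoolId": "us-east-1_EXAMPLE", "awsRegion": "us-east-1",
                        "defaultAction": "ALLOW"}},   # no introspectionConfig field
]

# Optional update_graphql_api() parameters that must be re-sent on update so the
# remediation does not silently drop existing auth/logging settings (assumed names).
CARRIED_FIELDS = ("logConfig", "userPoolConfig", "openIDConnectConfig",
                  "additionalAuthenticationProviders", "xrayEnabled",
                  "lambdaAuthorizerConfig", "queryDepthLimit", "resolverCountLimit")


def introspection_enabled(api: dict[str, Any]) -> bool:
    """True when the API still answers introspection queries; absent field = ENABLED."""
    return api.get("introspectionConfig", "ENABLED") != "DISABLED"


def find_introspection_enabled(apis: list[dict[str, Any]]) -> list[dict[str, str]]:
    """One High-severity finding per API with introspection enabled."""
    return [
        {"rule": RULE_ID, "severity": "High", "apiId": api["apiId"], "name": api["name"]}
        for api in apis
        if introspection_enabled(api)
    ]


def remediation_kwargs(api: dict[str, Any]) -> dict[str, Any]:
    """Keyword arguments for appsync.update_graphql_api() that disable introspection.

    apiId, name and authenticationType are required by that call; the other
    fields are copied from the current description when present so the update
    keeps the API's existing configuration.
    """
    kwargs: dict[str, Any] = {
        "apiId": api["apiId"],
        "name": api["name"],
        "authenticationType": api["authenticationType"],
        "introspectionConfig": "DISABLED",
    }
    for field in CARRIED_FIELDS:
        if field in api:
            kwargs[field] = api[field]
    return kwargs


def remediate_all(apis: list[dict[str, Any]], client: Any) -> list[str]:
    """Disable introspection on each flagged API via a boto3-like client.

    Returns the apiIds that were updated. `client` only needs an
    update_graphql_api(**kwargs) method, so a recording stub works offline.
    """
    updated: list[str] = []
    for api in apis:
        if introspection_enabled(api):
            client.update_graphql_api(**remediation_kwargs(api))
            updated.append(api["apiId"])
    return updated


if __name__ == "__main__":
    for finding in find_introspection_enabled(SAMPLE_APIS):
        print(f"{finding['severity']} {finding['rule']}: "
              f"{finding['name']} ({finding['apiId']}) has introspection enabled")
    # Live use (needs AWS credentials; not run here):
    #   import boto3
    #   appsync = boto3.client("appsync")
    #   remediate_all(appsync.list_graphql_apis()["graphqlApis"], appsync)
```

Because update_graphql_api() replaces the API's configuration rather than patching one field, the remediation copies the existing auth and logging settings into the call; check the returned kwargs against the current description before running it against a live account, and prefer fixing the setting in the API's infrastructure-as-code source so the next deployment does not re-enable introspection.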
