GraphQL DoS (Denial of Service) attacks target GraphQL parsers, GraphQL resolvers, and the underlying DBs in a single API call.
It is possible to protect your server from these attacks with a set of guardrails and GraphQL usage-based rate-limiting.
A closer look at how granular access control can help protect against weaknesses around introspection, field suggestions, and field fuzzing.
As with any new technology, security awareness often lags behind adoption. For this reason, GraphQL attack surfaces are bound to unfold for many of its users.