"The best resource for anyone looking to test GraphQL for vulnerabilities. Not only did Aleks and Farhi write the book, but they also created the vulnerable application used in the book's labs . . . This is a must-read book for those in API security."
—Corey Ball, author of Hacking APIs
'A must-have'"This book brought me from zero to ‘incredibly dangerous’ in ten chapters. . . . If you are going to be PenTesting GraphQL systems, or are charged with protecting such a system, this book is a must-have."
—Tanya Janca, founder of We Hack Purple
'The ultimate guide'“With the increasing number of web platforms built on top of GraphQL, this book is an essential resource for all security practitioners. By covering both the basics and advanced topics, Nick and Dolev have created the ultimate guide to hacking GraphQL.â€
—Luca Carettoni, Doyensec
About the AuthorsDolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scale in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defenses for one of the fastest Fintech companies in North America. Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating and building CTF challenges and contributing exploits to Exploit-DB.
Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his own security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph’s Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing and has over 10 years of experience hacking everything from websites, safes, locks, cars, drones, and even smart buildings.
No Starch Press has published the finest in geek entertainment since 1994, creating both timely and timeless titles like Python Crash Course, Python for Kids, How Linux Works, and Hacking: The Art of Exploitation. An independent, San Francisco-based publishing company, No Starch Press focuses on a curated list of well-crafted books that make a difference. They publish on many topics, including computer programming, cybersecurity, operating systems, and LEGO. The titles have personality, the authors are passionate experts, and all the content goes through extensive editorial and technical reviews. Long known for its fun, fearless approach to technology, No Starch Press has earned wide support from STEM enthusiasts worldwide.
