
Fremont, California

Sachin Shinde

Lightning Talk: DoS Wars: Revenge of the Fragments

Grand Ballroom II - IV
Security

Session description

Fragments—an indispensable tool for modularizing data requirements alongside client code, but also a denial-of-service attack vector for servers. Security guides will tell you to mitigate by validating queries and performing cost analysis, usually via field costs and list sizes. However, this focus on field execution can distract from how fragments affect the rest of the server stack. In this lightning talk, we explore the attack patterns and mitigation strategies for the fragment-based vulnerabilities at the core of CVE-2025-31496, CVE-2025-32030, CVE-2025-32033, and CVE-2025-32034.


Session speakers

Sachin Shinde

Apollo GraphQL, Staff Software Engineer

Working on all things federation and orchestration at Apollo, previously worked on the Apollo Studio schema and metrics pipelines.
