Application security

How GraphQL & Template Injection Threats Influence App Architectures – Mike Benjamin – ASW #202

Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both of these technologies in order to understand the similarities in what could go wrong, while also examining the differences in how each one influences modern application architectures.

Full episode and show notes


  • Don't miss any of your favorite Security Weekly content! Visit to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!


Mike Benjamin
Mike Benjamin
VP of Security Research at Fastly

Mike is focused on researching the latest attack methods to ensure Fastly’s technologies can provide customers with protections against these threats. Prior to Fastly, Mike was VP of Security at Lumen Technologies where he led security product engineering, operations, and the Black Lotus Labs threat intelligence team.

Mike’s key focus throughout his 25 years of service provider experience has been creating secure and scalable technology for his customers.


Mike Shema
Mike Shema
Security Partner at Square
John Kinsella
John Kinsella
Co-founder & CTO at Cysense
prestitial ad