diff --git a/project/dalia/query/utils.py b/project/dalia/query/utils.py
index 1808beb128347b7042cb2a71c3ea3f25027982cc..8aa45f7083f729049a2c70efed105a31c3520b8a 100644
--- a/project/dalia/query/utils.py
+++ b/project/dalia/query/utils.py
@@ -30,7 +30,7 @@ def query_dataset(dataset: Dataset, query: str) -> Result:
 
 # TODO: find out whether we can use one and the same SPARQLStore object for all (parallel) queries
 def _get_sparql_store(dataset: Dataset) -> SPARQLStore:
-    return SPARQLStore(query_endpoint=f"{_get_triplestore_endpoint_from_settings()}{dataset.value}")
+    return SPARQLStore(query_endpoint=f"{_get_triplestore_endpoint_from_settings()}{dataset.value}/query")
 
 
 def _get_triplestore_endpoint_from_settings() -> str:
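Review bot: The `/query` suffix added in `_get_sparql_store` is a bare literal, and nothing in the code says it selects the read-only query service, so a later edit could point the store back at the dataset root or a write endpoint without the security intent being visible. I would add a comment above the return, such as `# Read-only SPARQL query service; keep queries off the SPARQL Update / GSP-write endpoints (see security.md)`, and consider holding the suffix in a module-level constant. The URL is built by plain concatenation, so it presumably relies on the configured base ending in `/` and on `dataset.value` containing no path separators; the body of `_get_triplestore_endpoint_from_settings` lies outside the hunk, so that should be confirmed there. This is client-side routing only: the separation holds only if the Fuseki configuration actually makes that service read-only.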
diff --git a/security.md b/security.md
index 8132cdca4b96037ed79bf2b2fe56743819ca2297..c855610f4a84ee3bdb44b0a36fecfd57b20bb390 100644
--- a/security.md
+++ b/security.md
@@ -56,3 +56,7 @@ Our business logic uses a [query builder](https://git.rwth-aachen.de/dalia/backe
 #### URIs
 
 `URIRef`'s [`n3()` method](https://rdflib.readthedocs.io/en/stable/apidocs/rdflib.html#rdflib.term.URIRef.n3) tests for [invalid characters](https://github.com/RDFLib/rdflib/blob/main/rdflib/term.py#L101-L108) in the URI and raises an exception upon detection.
+
+### Separation of query and data manipulation interfaces
+
+[DALIA's Fuseki triplestore](https://git.rwth-aachen.de/dalia/backend/fuseki) offers separate HTTP endpoints that support different protocols from the SPARQL protocol family (SPARQL query, SPARQL/Update (SPARUL) and the Graph Store HTTP Protocol (GSP)). Requests that concern querying data should be sent to the read-only endpoints (SPARQL query, GSP read) and requests that concern data manipulation should be sent to the write endpoints (SPARUL and GSP write).