Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
• GraphQL
• GraphQL Architecture
• REST vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.
GraphQL Schema:
• Query (Type) - READ
• Mutations (Type) - WRITE
• Subscriptions (Type) - EVENTS
Change the POST request into a GET request and append the payload to the endpoint URL. Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
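The POST-to-GET conversion above, plus a check for whether a server answered the introspection query with schema data, as an added example that is not part of the deck. The endpoint URL and the two response bodies are constructed placeholders, not captured from any real server; the query parameter names (`query`, `variables`, `operationName`) are the standard GraphQL-over-HTTP ones.

```python
import json
from urllib.parse import urlencode

# Hypothetical endpoint, used only to build example URLs.
ENDPOINT = "https://graphql.example.test/graphql"

# Minimal introspection query: asks the server to list its schema types.
INTROSPECTION_QUERY = "{ __schema { types { name } } }"


def post_body_to_get_url(endpoint: str, body: dict) -> str:
    """Re-encode a GraphQL POST body ({query, variables, operationName})
    as the equivalent GET request, with the payload in the URL.
    Mutations are refused: GraphQL-over-HTTP servers are expected to
    reject mutations over GET, so accepting them is a finding to report,
    not something this helper should send."""
    query = body["query"]
    if query.lstrip().startswith("mutation"):
        raise ValueError("mutations must not be sent over GET")
    params = {"query": query}
    if body.get("variables"):
        params["variables"] = json.dumps(body["variables"], separators=(",", ":"))
    if body.get("operationName"):
        params["operationName"] = body["operationName"]
    return f"{endpoint}?{urlencode(params)}"


def introspection_enabled(response_text: str) -> bool:
    """Decide from a JSON response body whether the server returned
    schema data for the introspection query (i.e. introspection is on).
    Any error, missing data, or an empty type list counts as 'off'."""
    try:
        doc = json.loads(response_text)
    except ValueError:
        return False
    if not isinstance(doc, dict):
        return False
    schema = (doc.get("data") or {}).get("__schema") or {}
    return bool(schema.get("types"))


# Constructed sample responses (not real server output).
RESPONSE_ENABLED = json.dumps(
    {"data": {"__schema": {"types": [{"name": "Query"}, {"name": "User"}]}}})
RESPONSE_DISABLED = json.dumps(
    {"errors": [{"message": "GraphQL introspection is not allowed"}]})

if __name__ == "__main__":
    print(post_body_to_get_url(ENDPOINT, {"query": INTROSPECTION_QUERY}))
    print("introspection enabled:", introspection_enabled(RESPONSE_ENABLED))
```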
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute-Force Attacks
• DoS Attacks, etc.