Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Arun
July 17, 2020
Technology
210
0
Share
Pentesting GraphQL APIs
Arun
July 17, 2020
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
340
OWASP DevSlop
hehacks
0
43
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
120
iOS Pentesting for Beginners
hehacks
1
46
Metasploit Database Usage
hehacks
0
39
Other Decks in Technology
See All in Technology
先取りMaven4 ~16年ぶりのメジャーアップデート、その進化とは?~
ogiwarat
0
110
脅威をエンジニアリングの糧にして:恐怖を乗り越えた先にあったもの / Turn threats into fuel for engineering: what lay beyond overcoming fear
nrslib
1
360
Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知
techtekt
PRO
0
130
基礎から解説!Icebergで紐解くSnowflake×Databricks連携の現在地
cm_yasuhara
0
410
NFLコンペ2026 解法
lycorptech_jp
PRO
0
130
layerx-fde-practices
cipepser
6
2.9k
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
minorun365
PRO
5
350
開発を止めない CI/CD ~CI Visibilityによる継続的最適化~
pensuke628
0
220
食べログのサーキットブレーカー導入を振り返って
atpons
1
160
Unlocking the Apps
pimterry
0
130
Ruby::Boxでできること、Refinementsでできること
joker1007
2
110
Amazon Bedrock 経由の Claude Cowork を試してみよう・MCP にも繋いでみよう
sugimomoto
0
280
Featured
See All Featured
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
540
Discover your Explorer Soul
emna__ayadi
2
1.1k
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
370
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
250
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
1
130
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
It's Worth the Effort
3n
188
29k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
190
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
150
Thoughts on Productivity
jonyablonski
76
5.2k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
830
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
ogiwarat
nrslib
techtekt
cm_yasuhara
lycorptech_jp
cipepser
minorun365
pensuke628
atpons
pimterry
joker1007
sugimomoto
portentint
emna__ayadi
skipperchong
eileencodes
cassininazir
marcoroth
addyosmani
3n
katarinadahlin
techseoconnect
jonyablonski
tomoyanonymous
