Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
Agenda:
• GraphQL
• GraphQL Architecture
• REST vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (Type) - READ: for retrieving data/results, similar to GET in REST.
• Mutation (Type) - WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscriptions (Type) - EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload to the endpoint URL. Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
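As an added example (not part of the original deck), the following Python script ties the three operation types above, the introspection query, and the POST-to-GET slide together from a defender's side: it pulls the GraphQL document out of a request (JSON body for POST, the query parameter for GET), classifies it as query, mutation or subscription, and flags two things worth alerting on: a mutation sent over GET (a state change reachable from a plain link, which is why the GraphQL-over-HTTP guidance restricts GET to queries) and any request touching the introspection fields __schema or __type. The sample requests, the endpoint path /graphql and the field names are constructed for the example.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample requests as (method, url, body) tuples; not from the deck.
SAMPLE_REQUESTS = [
    ("POST", "/graphql", '{"query": "query { user(id: 1) { name } }"}'),
    ("POST", "/graphql", '{"query": "mutation { deleteUser(id: 1) { ok } }"}'),
    # Same mutation rewritten as a GET request with the document in the URL.
    ("GET", "/graphql?query=mutation%20%7B%20deleteUser(id%3A%201)%20%7B%20ok%20%7D%20%7D", ""),
    ("POST", "/graphql", '{"query": "{ __schema { types { name } } }"}'),
    ("POST", "/graphql", '{"query": "subscription { onOrder { id } }"}'),
    ("POST", "/graphql", "not json at all"),
]

# A document that does not start with an operation keyword is the shorthand
# form "{ ... }", which the GraphQL spec defines as a query.
OP_RE = re.compile(r"^\s*(query|mutation|subscription)\b", re.IGNORECASE)


def extract_query(method, url, body):
    """Return the GraphQL document string carried by the request, or None."""
    if method.upper() == "GET":
        values = parse_qs(urlparse(url).query).get("query")
        return values[0] if values else None
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return None
    doc = data.get("query") if isinstance(data, dict) else None
    return doc if isinstance(doc, str) else None


def operation_type(document):
    """Classify the top-level operation: query, mutation or subscription."""
    match = OP_RE.match(document)
    return match.group(1).lower() if match else "query"


def is_introspection(document):
    """True when the document asks for the schema's own meta-fields."""
    return "__schema" in document or "__type" in document


def review_request(method, url, body):
    """Classify one request and return findings a reviewer would act on."""
    doc = extract_query(method, url, body)
    if doc is None:
        return {"op": None, "introspection": False,
                "findings": ["no GraphQL document found in request"]}
    op = operation_type(doc)
    findings = []
    if op == "mutation" and method.upper() == "GET":
        findings.append("mutation over GET: write reachable from a plain link (CSRF risk); "
                        "reject mutations on GET")
    if is_introspection(doc):
        findings.append("introspection request: schema is enumerable; "
                        "disable outside development or alert on it")
    return {"op": op, "introspection": is_introspection(doc), "findings": findings}


def audit_all(requests=SAMPLE_REQUESTS):
    """Run review_request over every sample and return the results in order."""
    return [review_request(m, u, b) for (m, u, b) in requests]


if __name__ == "__main__":
    for (method, url, _), result in zip(SAMPLE_REQUESTS, audit_all()):
        print(f"{method} {url[:40]:<40} op={result['op']} findings={result['findings']}")
```

Run it as-is to see each sample classified; in practice the same functions sit in a request log parser or a reverse-proxy hook, where the two findings become the signals to block or alert on.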
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.