Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
200

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
320
OWASP DevSlop
Avatar for Arun hehacks
0
31
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
110
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
39
Metasploit Database Usage
Avatar for Arun hehacks
0
33

Other Decks in Technology

See All in Technology
CQRS/ESになぜアクターモデルが必要なのか
Avatar for かとじゅん j5ik2o
0
930
BidiAgent と Nova 2 Sonic から​考える音声 AI について
Avatar for Yuuki Yamashita yama3133
2
150
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
12k
純粋なイミュータブルモデルを設計してからイベントソーシングと組み合わせるDeciderの実践方法の紹介 /Introducing Decider Pattern with Event Sourcing
Avatar for Tomohisa Takaoka tomohisa
1
980
人工知能のための哲学塾 ニューロフィロソフィ篇 第零夜 「ニューロフィロソフィとは何か?」
Avatar for miyayou miyayou
0
440
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.2k
2025年 山梨の技術コミュニティを振り返る
Avatar for しみず ゆうき yuukis
0
160
自己管理型チームと個人のセルフマネジメント 〜モチベーション編〜
Avatar for KAKEHASHI kakehashi
PRO
5
2.8k
Introduction to Sansan for Engineers / エンジニア向け会社紹介
Avatar for Sansan, Inc. sansan33
PRO
5
61k
ECS_EKS以外の選択肢_ROSA入門_.pdf
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
1
130
Cloud WAN MCP Serverから考える新しいネットワーク運用 / 20251228 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
0
150
Claude Codeを使った情報整理術
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
20
12k

Featured

See All Featured
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
210
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
68
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
1
100
Amusing Abliteration
Avatar for ianozsvald ianozsvald
0
86
Claude Code のすすめ
Avatar for schroneko schroneko
67
210k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
58k
Side Projects
Avatar for Sacha Greif sachag
455
43k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
78
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.6k
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
40
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
180

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None