Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Arun
July 17, 2020
Technology
200
0
Share
Pentesting GraphQL APIs
Arun
July 17, 2020
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
330
OWASP DevSlop
hehacks
0
37
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
110
iOS Pentesting for Beginners
hehacks
1
44
Metasploit Database Usage
hehacks
0
37
Other Decks in Technology
See All in Technology
How to install a gem
indirect
0
2.1k
Even G2 クイックスタートガイド(日本語版)
vrshinobi1
0
190
GitHub Actions侵害 — 相次ぐ事例を振り返り、次なる脅威に備える
flatt_security
12
7.3k
Amazon Qはアマコネで頑張っています〜 Amazon Q in Connectについて〜
yama3133
1
170
最大のアウトプット術は問題を作ること
ryoaccount
0
260
Kiro Meetup #7 Kiro アップデート (2025/12/15〜2026/3/20)
katzueno
2
280
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
77k
やさしいとこから始めるGitHubリポジトリのセキュリティ
tsubakimoto_s
3
2.1k
Sansanの認証基盤を支えるアーキテクチャとその振り返り
sansantech
PRO
1
150
AWSで2番目にリリースされたサービスについてお話しします(諸説あります)
yama3133
0
110
Cortex Codeでデータの仕事を全部Agenticにやりきろう!
gappy50
0
170
【AWS】CloudTrail LakeとCloudWatch Logs Insightsの使い分け方針
tsurunosd
0
130
Featured
See All Featured
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
150
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.9k
Automating Front-end Workflow
addyosmani
1370
200k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
260
Agile that works and the tools we love
rasmusluckow
331
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
700
Context Engineering - Making Every Token Count
addyosmani
9
790
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.4k
エンジニアに許された特別な時間の終わり
watany
106
240k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
290
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
140
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
indirect
vrshinobi1
flatt_security
yama3133
ryoaccount
katzueno
cybozuinsideout
tsubakimoto_s
sansantech
gappy50
tsurunosd
.png){kind=avatar}
helenjbeal
reverentgeek
addyosmani
tammyeverts
rasmusluckow
bluesmoon
nmsamuel
palkan
watany
kimpetersen
techseoconnect
