Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
  • GraphQL
  • GraphQL Architecture
  • REST vs GraphQL
  • GraphQL Schema
  • Introspection Query
  • GraphQL Vulnerabilities
  • Pentesting Tools
  • GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) – WRITE: for modifications like POST/PUT/DELETE operations.
• Subscriptions (type) – EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload to the endpoint URL. The payloads are at the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.