Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
• GraphQL
• GraphQL Architecture
• REST vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – for retrieving data/results, similar to GET in REST.
• Mutation – for modifications, like POST/PUT/DELETE operations.
• Subscriptions – for events/real-time updates.
GraphQL Schema: Query (type) - READ; Mutations (type) - WRITE; Subscriptions (type) - EVENTS.
Change the POST request into a GET request and append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
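As an added example (not code from the deck), the following Python turns the introspection request described above into a GET URL and classifies the endpoint's answer, so you can audit whether your own API still exposes its schema over GET. The endpoint URL is a placeholder, and the short introspection query and the sample responses are constructed here, not the pastebin payloads.

```python
"""Check whether a GraphQL endpoint answers an introspection query over HTTP GET.

Added example, not from the deck. Endpoint is a placeholder; the query and the
sample response bodies are constructed for illustration.
"""
import json
import urllib.parse
import urllib.request
from typing import Optional

# Constructed minimal introspection query: enough to reveal schema type names.
INTROSPECTION_QUERY = "query { __schema { queryType { name } types { name } } }"

# Constructed sample responses: one with introspection enabled, one refused.
SAMPLE_ENABLED = ('{"data": {"__schema": {"queryType": {"name": "Query"}, "types": '
                  '[{"name": "Query"}, {"name": "User"}, {"name": "__Schema"}, {"name": "String"}]}}}')
SAMPLE_DISABLED = ('{"data": null, "errors": [{"message": "GraphQL introspection is not allowed, '
                   'but the query contained __schema or __type"}]}')


def build_get_url(endpoint: str, query: str, variables: Optional[dict] = None) -> str:
    """Move a GraphQL POST body into GET parameters (query, variables as JSON)."""
    params = {"query": query}
    if variables:
        params["variables"] = json.dumps(variables)
    return endpoint + "?" + urllib.parse.urlencode(params)


def introspection_status(body: str) -> dict:
    """Classify a JSON response body: schema returned, or introspection refused?"""
    doc = json.loads(body)
    schema = (doc.get("data") or {}).get("__schema")
    if schema:
        # Drop GraphQL's own meta types (__Schema, __Type, ...) from the report.
        names = [t["name"] for t in schema.get("types", []) if not t["name"].startswith("__")]
        return {"introspection": True, "types": names}
    errors = [e.get("message", "") for e in doc.get("errors", [])]
    return {"introspection": False, "errors": errors}


def check_endpoint(endpoint: str, timeout: float = 10.0) -> dict:
    """Send the introspection query over GET and classify the live answer."""
    url = build_get_url(endpoint, INTROSPECTION_QUERY)
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return introspection_status(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Placeholder endpoint: point this at an API you own or are authorised to test.
    print(check_endpoint("https://graphql.example.test/graphql"))
```

If the report says introspection is enabled in production, disable or restrict it at the server and confirm the same over POST, since some deployments only filter one transport.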
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks
etc.