Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/real-time updates.
GraphQL Schema: Query (Type) - READ; Mutations (Type) - WRITE; Subscriptions (Type) - EVENTS
Change the POST request into a GET request and append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
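The slides above describe the three operation types and note that an introspection query can be delivered as a GET request instead of a POST. The following is an added example, not code from the deck or its author: a small triage routine, written from the defender's side, that pulls the GraphQL document out of a logged request whether it arrived as a JSON POST body or as a `?query=` parameter, classifies it as query/mutation/subscription, and flags introspection (`__schema` / `__type`) so that a method switch does not hide the probe. The request log, endpoint path and field names are constructed for the example and do not come from any real system.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample request log (method, path, body); not from any real system.
SAMPLE_REQUESTS = [
    ("POST", "/graphql", '{"query": "{ user(id: 1) { name email } }"}'),
    ("POST", "/graphql", '{"query": "mutation { updateUser(id: 1, role: \\"admin\\") { id } }"}'),
    ("POST", "/graphql", '{"query": "subscription { messageAdded { text } }"}'),
    ("POST", "/graphql", '{"query": "query IntrospectionQuery { __schema { types { name } } }"}'),
    # Same introspection probe sent as a GET, which is what the slide describes.
    ("GET", "/graphql?query=%7B__schema%7Btypes%7Bname%7D%7D%7D", ""),
    ("GET", "/graphql?query=query%20%7B%20__type(name%3A%20%22User%22)%20%7B%20fields%20%7B%20name%20%7D%20%7D%20%7D", ""),
]

# Explicit operation keyword at the start of a document.
OP_KEYWORD = re.compile(r"^\s*(query|mutation|subscription)\b", re.IGNORECASE)
# The two introspection entry points defined by the GraphQL spec.
INTROSPECTION = re.compile(r"\b__(schema|type)\b")


def extract_query(method, path, body):
    """Return the GraphQL document carried by a request, whether it came
    in a JSON POST body or in a ?query= parameter on a GET."""
    if method == "POST":
        try:
            return json.loads(body).get("query", "")
        except (ValueError, AttributeError):
            return ""
    if method == "GET":
        params = parse_qs(urlparse(path).query)  # parse_qs percent-decodes values
        return params.get("query", [""])[0]
    return ""


def operation_type(document):
    """Classify a document by its leading keyword; the anonymous shorthand
    '{ ... }' is a query per the spec, anything else is unknown."""
    match = OP_KEYWORD.match(document)
    if match:
        return match.group(1).lower()
    if document.lstrip().startswith("{"):
        return "query"
    return "unknown"


def is_introspection(document):
    """True when the document touches __schema or __type."""
    return INTROSPECTION.search(document) is not None


def triage(requests):
    """Summarise each request; introspection is flagged on either HTTP method."""
    findings = []
    for method, path, body in requests:
        doc = extract_query(method, path, body)
        findings.append({
            "method": method,
            "op": operation_type(doc),
            "introspection": is_introspection(doc),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REQUESTS):
        flag = "INTROSPECTION" if f["introspection"] else ""
        print(f"{f['method']:<5} {f['op']:<13} {flag}")
```

Run over the constructed log, the two GET requests are flagged just like the POST introspection query, so a detection rule built on `triage()` does not depend on the HTTP method. Extending it to alias-based or fragment-based variants would need a real GraphQL parser rather than the regexes used here.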
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.