Pentesting GraphQL APIs

Transcript

1. None
2. None

3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

   Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
4. None
5. None
6. None
7. None
8. None

9. Ref: https://bit.ly/3hLZNO7

10. Ref: https://bit.ly/3fBQSNk

11. None
12. None

13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
14. None
15. None

16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
17. None

18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
19. None
20. None
21. None
22. None
23. None
24. None
25. None
26. None
27. None