Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
210
0

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
340
OWASP DevSlop
Avatar for Arun hehacks
0
43
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
120
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
46
Metasploit Database Usage
Avatar for Arun hehacks
0
39

Other Decks in Technology

See All in Technology
はじめてのDatadog
Avatar for KairiM kairim0
0
240
Claude Codeですべての日常業務を爆速化しよう!
Avatar for みのるん minorun365
PRO
16
16k
Java正規表現エンジン(NFA)の仕組みと パフォーマンスを維持するための最適化手法
Avatar for 竹内 雅和 takeuchi_132917
0
160
関西に縁あるMicrosoft MVPsが語るCopilotの未来
Avatar for Kaz Asada | しがない情シス kasada
0
670
Fabric-cicd によるAzure DevOps デプロイ
Avatar for Ryoma Nagata ryomaru0825
0
160
ポスター発表&デモと総括 / Poster Presentations & Demonstrations and Summary
Avatar for Kenji Saito ks91
PRO
0
180
探して_入れて_作って_使う_Agent_Skills___LT.pdf
Avatar for 松尾淳平 peintangos
2
100
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
Avatar for 吉田真吾 yoshidashingo
1
270
イベントストーミングとKiroの仕様駆動開発で実現する要件の認識合わせプロセス
Avatar for syobochim syobochim
7
980
基礎から解説!Icebergで紐解くSnowflake×Databricks連携の現在地
Avatar for TomokiYasuhara cm_yasuhara
0
410
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
Avatar for WatanabeShun s27watanabe
2
640
「使われるデータ基盤」を目指してデータアナリストとワークショップをやった話
Avatar for jackojacko_ jackojacko_
2
940

Featured

See All Featured
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
150
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.7k
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
3
3.4k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
52k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
62k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
130
My Coaching Mixtape
Avatar for mlcsv mlcsv
0
140
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
How to make the Groovebox
Avatar for あそなす asonas
2
2.2k
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
210
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
130

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None