Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) – WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscriptions (type) – EVENTS: for events/real-time updates.
Change the POST request into a GET request and append the payload to the endpoint URL. Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
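As an added example (not part of the deck), the following Python looks at the schema slide's three operation types and at the POST-to-GET point above from the server side. It pulls the GraphQL document out of either a POST JSON body or a GET ?query= parameter, determines whether it is a query, mutation or subscription (mapped to READ/WRITE/EVENTS), flags introspection queries that select __schema or __type (which production deployments commonly disable), and flags write operations arriving over GET, which a server should refuse. The endpoint URL, the sample requests and all function names are constructed for this example.

```python
import json
import re
from urllib.parse import parse_qs, urlparse

# Blank out block strings, ordinary strings and # comments before looking for
# keywords, so that a keyword inside a string argument cannot mislead the checks.
_STRINGS_AND_COMMENTS = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
# __typename is not schema introspection; \b after "type" keeps it from matching.
_INTROSPECTION_FIELD = re.compile(r"\b__(schema|type)\b")

# The three root operation types and the role each plays in the schema.
OPERATION_KIND = {"query": "READ", "mutation": "WRITE", "subscription": "EVENTS"}


def _definition_heads(text):
    """Return the text preceding each top-level selection set, e.g. 'query Q($v: Int)',
    'fragment F on T', or '' for the anonymous shorthand form. Braces inside
    parentheses (argument and default values) do not open a selection set."""
    heads, head, braces, parens = [], [], 0, 0
    for ch in text:
        if braces == 0:
            parens += (ch == "(") - (ch == ")")
            if ch == "{" and parens == 0:
                heads.append("".join(head).strip())
                head, braces = [], 1
                continue
            head.append(ch)
        elif ch == "{":
            braces += 1
        elif ch == "}":
            braces -= 1
    return heads


def operation_type(document):
    """'query', 'mutation' or 'subscription' for the first operation in the
    document; fragment definitions are skipped wherever they appear."""
    for head in _definition_heads(_STRINGS_AND_COMMENTS.sub(" ", document)):
        if head == "":
            return "query"  # shorthand form: '{ ... }' is always a query
        keyword = head.split()[0]
        if keyword in OPERATION_KIND:
            return keyword
    raise ValueError("no operation definition found")


def is_introspection(document):
    """True if the document selects the __schema or __type meta-fields."""
    stripped = _STRINGS_AND_COMMENTS.sub(" ", document)
    return _INTROSPECTION_FIELD.search(stripped) is not None


def extract_query(method, url, body=None):
    """Pull the GraphQL document out of a GET (?query=) or POST (JSON body) request."""
    if method.upper() == "GET":
        return parse_qs(urlparse(url).query).get("query", [None])[0]
    return json.loads(body or "{}").get("query")


def inspect_request(method, url, body=None):
    """Classify one request: operation type, READ/WRITE/EVENTS role, whether it is
    an introspection query, and whether a state-changing operation arrived over GET."""
    document = extract_query(method, url, body)
    if document is None:
        raise ValueError("request carries no GraphQL document")
    op = operation_type(document)
    return {
        "operation": op,
        "kind": OPERATION_KIND[op],
        "introspection": is_introspection(document),
        "mutation_over_get": method.upper() == "GET" and op != "query",
    }


# Constructed sample requests against a made-up endpoint (not from the deck).
ENDPOINT = "https://api.example.test/graphql"
SAMPLE_REQUESTS = [
    ("POST", ENDPOINT, '{"query": "query Me { me { id name } }"}'),
    ("POST", ENDPOINT, '{"query": "mutation Add($n: String!) { addUser(name: $n) { id } }", "variables": {"n": "eve"}}'),
    ("POST", ENDPOINT, '{"query": "subscription { userAdded { id } }"}'),
    # introspection query sent as GET: {__schema{types{name}}} URL-encoded
    ("GET", ENDPOINT + "?query=%7B__schema%7Btypes%7Bname%7D%7D%7D", None),
    # a write operation on a GET request, which a server should refuse
    ("GET", ENDPOINT + "?query=mutation%20%7B%20deleteAll%20%7D", None),
]

if __name__ == "__main__":
    for method, url, body in SAMPLE_REQUESTS:
        print(method, inspect_request(method, url, body))
```

The classifier reads only the definition heads, so a string argument such as `a(s: "mutation {")` cannot change the verdict; the same checks are the ones a gateway or WAF rule would apply before the request reaches the resolver.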
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.
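As an added example for the DoS entry in the list above (not from the deck): a query depth limiter of the kind GraphQL servers use to reject deeply nested queries before any resolver runs. It expands named fragment spreads, which a plain brace count would miss, does not count inline fragments as a level, and refuses cyclic fragments. The limit value, the sample documents and the function names are assumptions of this example.

```python
import re

# Blank out block strings, ordinary strings and # comments so that braces inside
# literals are not mistaken for selection sets.
_STRINGS_AND_COMMENTS = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_SPREAD = re.compile(r"\.\.\.\s*([A-Za-z_][A-Za-z0-9_]*)")

MAX_DEPTH = 6  # hypothetical production limit; tune per schema


def _split_definitions(text):
    """Return (head, body) pairs for each top-level definition: 'head' is the text
    before the outer braces ('query Q($v: Int)', 'fragment F on T', '' for the
    shorthand form) and 'body' the selection set without its outer braces.
    Braces inside parentheses (argument and default values) are not selection sets."""
    defs, head, body, braces, parens = [], [], [], 0, 0
    for ch in text:
        if braces == 0:
            parens += (ch == "(") - (ch == ")")
            if ch == "{" and parens == 0:
                braces = 1
                continue
            head.append(ch)
            continue
        if ch == "{":
            braces += 1
        elif ch == "}":
            braces -= 1
            if braces == 0:
                defs.append(("".join(head).strip(), "".join(body)))
                head, body = [], []
                continue
        body.append(ch)
    return defs


def _body_depth(body, fragments, visiting):
    """Nesting depth of a selection-set body: 1 for flat fields, +1 per nested
    selection set. Named fragment spreads are expanded (with cycle detection);
    inline fragments ('... on T { }') do not add a level."""
    depth = best = 1
    stack, parens, pending_inline, i = [], 0, False, 0
    while i < len(body):
        ch = body[i]
        if ch == "(":
            parens += 1
        elif ch == ")":
            parens -= 1
        elif parens == 0:
            if ch == "{":
                counts = not pending_inline
                pending_inline = False
                stack.append(counts)
                if counts:
                    depth += 1
                    best = max(best, depth)
            elif ch == "}":
                if stack.pop():
                    depth -= 1
            elif body.startswith("...", i):
                m = _SPREAD.match(body, i)
                if m and m.group(1) != "on":
                    name = m.group(1)
                    if name in visiting:
                        raise ValueError(f"fragment cycle through {name}")
                    if name not in fragments:
                        raise ValueError(f"unknown fragment {name}")
                    frag_depth = _body_depth(fragments[name], fragments, visiting | {name})
                    best = max(best, depth + frag_depth - 1)  # fragment fields sit at this depth
                    i = m.end()
                    continue
                pending_inline = True  # '... on T {' or '... {': the next brace is transparent
                i += 3
                continue
        i += 1
    return best


def check_query(document, limit=MAX_DEPTH):
    """Verdict for one GraphQL document: allowed or not, measured depth, and a reason."""
    try:
        defs = _split_definitions(_STRINGS_AND_COMMENTS.sub(" ", document))
        fragments = {h.split()[1]: b for h, b in defs if h.startswith("fragment")}
        operations = [b for h, b in defs if not h.startswith("fragment")]
        if not operations:
            raise ValueError("no operation in document")
        depth = max(_body_depth(b, fragments, frozenset()) for b in operations)
    except ValueError as exc:
        return {"allowed": False, "depth": None, "reason": str(exc)}
    if depth > limit:
        return {"allowed": False, "depth": depth, "reason": f"depth {depth} exceeds limit {limit}"}
    return {"allowed": True, "depth": depth, "reason": ""}


# Constructed sample documents (not from the deck).
SHALLOW = "query Me { me { id name } }"
DEEP = "query Deep { me { friends { friends { friends { friends { name } } } } } }"
WITH_FRAGMENT = "query Q { me { ...Social } } fragment Social on User { friends { friends { name } } }"
INLINE = "query { me { ... on User { friends { name } } } }"
CYCLIC = "query { ...A } fragment A on T { a ...B } fragment B on T { ...A }"

if __name__ == "__main__":
    for name, doc in [("shallow", SHALLOW), ("deep", DEEP), ("fragment", WITH_FRAGMENT), ("cyclic", CYCLIC)]:
        print(name, check_query(doc, limit=4))
```

Depth is only one cost axis; list fields and aliases multiply work at the same depth, so production servers pair a depth limit with a complexity or cost budget and a request timeout.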