Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Arun Arun
July 17, 2020
Technology
210
0

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
340
OWASP DevSlop
Avatar for Arun hehacks
0
40
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
120
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
45
Metasploit Database Usage
Avatar for Arun hehacks
0
38

Other Decks in Technology

See All in Technology
古今東西SRE
Avatar for Kaoru okaru
2
180
カオナビに Suspenseを導入するまで / The Road to Suspense at kaonavi
Avatar for 株式会社カオナビ kaonavi
1
450
毎日の作業を Claude Code 経由にしたら、 ノウハウがコードになった
Avatar for Hajime KOSHIRO kossykinto
1
1.3k
変化の激しい時代をゴキゲンに生き抜くために 〜ストレスマネジメントのススメ〜
Avatar for KAKEHASHI kakehashi
PRO
5
1.3k
QAエンジニアはどうやって プロダクト議論の場に入れるのか?
Avatar for Sammy(MoritaMasami) moritamasami
2
420
The 7 pitfalls of AI
Avatar for Uwe Friedrichsen ufried
0
210
エージェント時代の UIとAPI、CLI戦略
Avatar for coincheck coincheck_recruit
0
170
[Scram Fest Niigata2026]Quality as Code〜AIにQAの思考を再現させる試み〜
Avatar for Masami Yajiri masamiyajiri
1
310
『生成AI時代のクレデンシャルとパーミッション設計 — Claude Code を起点に』の執筆企画
Avatar for Takuro SASAKI takuros
3
2.3k
20260507-ACL-seminar
Avatar for Satoshi5884 satoshi5884
0
110
100マイクロサービスのTerraform/Kubernetes管理地獄から抜け出すためのAI活用術
Avatar for Masaki Ishigaki markie1009
0
140
新卒エンジニア研修、ハンズオンの設計における課題と実践知/ #tachikawaany
Avatar for Ichiro Nishiuma nishiuma
2
140

Featured

See All Featured
How to build a perfect <img>
Avatar for Jono Alderson jonoalderson
1
5.5k
BBQ
Avatar for Matthew Crist matthewcrist
89
10k
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.3k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
28
3.5k
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
170
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
220
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
740
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.5k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
330
SEO Brein meetup: CTRL+C is not how to scale international SEO
Avatar for Linda Hogenes lindahogenes
1
2.6k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
160
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.8k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None