Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Arun Arun
July 17, 2020
Technology
210
0

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
330
OWASP DevSlop
Avatar for Arun hehacks
0
40
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
120
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
44
Metasploit Database Usage
Avatar for Arun hehacks
0
37

Other Decks in Technology

See All in Technology
Data Hubグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
2.9k
AI バイブコーティングでキーボード不要?!
Avatar for Sam Akada samakada
0
560
ハーネスエンジニアリングの概要と設計思想
Avatar for sergicalsix sergicalsix
9
4.9k
Choose your own adventure in agentic design patterns
Avatar for Guillaume Laforge glaforge
0
130
Do Ruby::Box dream of Modular Monolith?
Avatar for Tomohiro Hashidate joker1007
1
340
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1.1k
ハーネスエンジニアリングをやりすぎた話 ~そのハーネスは解体された~
Avatar for Gota gotalab555
4
1.7k
AIを共同作業者にして書籍を執筆する方法 / How to Write a Book with AI as a Co-Creator
Avatar for ama-ch ama_ch
2
130
ネットワーク運用を楽にするAWS DevOps Agent活用法!! / 20260421 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
210
Pure Intonation on Browser: Building a Sequencer with Ruby
Avatar for nagachika nagachika
0
110
#jawsugyokohama 100 LT11, "My AWS Journey 2011-2026 - kwntravel"
Avatar for Shinichiro Kawano shinichirokawano
0
350
MLOps導入のための組織作りの第一歩
Avatar for Daisuke Akagawa (Akasan) akasan
0
330

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
27
3.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
270
14k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
340
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
199
73k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
530
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
99
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
170
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.2k
Discover your Explorer Soul
Avatar for Emna emna__ayadi
2
1.1k
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.6k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None