Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
190

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
300
OWASP DevSlop
Avatar for Arun hehacks
0
25
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
95
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
29
Metasploit Database Usage
Avatar for Arun hehacks
0
21

Other Decks in Technology

See All in Technology
ソフトウェアテスト 最初の一歩 〜テスト設計技法をワークで体験しながら学ぶ〜 #JaSSTTokyo / SoftwareTestingFirstStep
Avatar for nihonbuson nihonbuson
PRO
1
140
Compose におけるパスワード自動入力とパスワード保存
Avatar for tonionagauzzi tonionagauzzi
0
210
Next.jsと状態管理のプラクティス
Avatar for uhyo uhyo
4
1.8k
MCPが変えるAIとの協働
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
1
150
名単体テスト 禁断の傀儡(モック)
Avatar for iwamot iwamot
PRO
1
140
テストコードにはテストの意図を込めよう(2025年版) #retechtalk / Put the intent of the test 2025
Avatar for nihonbuson nihonbuson
PRO
2
630
Datadog のトライアルを成功に導く技術 / Techniques for a successful Datadog trial
Avatar for 株式会社ヌーラボ nulabinc
PRO
0
130
使えるデータ基盤を作る技術選定の秘訣 / selecting-the-right-data-technology
Avatar for pei0804 pei0804
5
1k
続・やっぱり余白が大切だった話
Avatar for KAKEHASHI kakehashi
PRO
3
310
経済メディア編集部の実務に小さく刺さるAI / small-ai-with-editorial
Avatar for Yukiya Nakagawa nkzn
2
330
Azure × MCP 入門
Avatar for Ryosuke Hyakuta ry0y4n
8
1.6k
AI 코딩 에이전트 더 똑똑하게 쓰기
Avatar for nacyot nacyot
0
540

Featured

See All Featured
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
349
20k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
137
33k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
268
20k
Building Applications with DynamoDB
Avatar for Matt Wood mza
94
6.4k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
523
40k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
29
940
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
133
9.3k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
230
18k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
23
1.6k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
5
570

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None