Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
200
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
310
OWASP DevSlop
hehacks
0
30
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
100
iOS Pentesting for Beginners
hehacks
1
34
Metasploit Database Usage
hehacks
0
25
Other Decks in Technology
See All in Technology
職種別ミートアップで社内から盛り上げる アウトプット文化の醸成と関係強化/ #DevRelKaigi
nishiuma
2
120
SOC2取得の全体像
shonansurvivors
1
350
C# 14 / .NET 10 の新機能 (RC 1 時点)
nenonaninu
1
1.4k
KAGのLT会 #8 - 東京リージョンでGAしたAmazon Q in QuickSightを使って、報告用の資料を作ってみた
0air
0
190
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
300
Why React!?? Next.jsそしてReactを改めてイチから選ぶ
ypresto
10
4.2k
「技術負債にならない・間違えない」 権限管理の設計と実装
naro143
35
10k
analysis パッケージの仕組みの上でMulti linter with configを実現する / Go Conference 2025
k1low
1
260
PythonとLLMで挑む、 4コマ漫画の構造化データ化
esuji5
1
130
10年の共創が示す、これからの開発者と企業の関係 ~ Crossroad
soracom
PRO
1
130
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
po3rin
2
230
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
moriyuya
4
310
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.2k
Building an army of robots
kneath
306
46k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.7k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Building Adaptive Systems
keathley
43
2.8k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
114
20k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
GitHub's CSS Performance
jonrohan
1032
460k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None