Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
190

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
310
OWASP DevSlop
Avatar for Arun hehacks
0
28
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
99
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
32
Metasploit Database Usage
Avatar for Arun hehacks
0
23

Other Decks in Technology

See All in Technology
夢の印税生活 / Life on Royalties
Avatar for とみたまさひろ tmtms
0
270
帳票Vibe Coding
Avatar for terurou terurou
0
120
広島発!スタートアップ開発の裏側
Avatar for Sankyo Toshio tsankyo
0
170
開発と脆弱性と脆弱性診断についての話
Avatar for su3158 su3158
1
1k
React Server ComponentsでAPI不要の開発体験
Avatar for polidog polidog
PRO
1
360
Autonomous Database Serverless 技術詳細 / adb-s_technical_detail_jp
Avatar for oracle4engineer oracle4engineer
PRO
18
52k
MCPサーバーを活用したAWSコスト管理
Avatar for Kaisei Arimura arie0703
0
150
結局QUICで通信は速くなるの?
Avatar for kota-yata kota_yata
9
7.5k
EKS Pod Identity における推移的な session tags
Avatar for z63d z63d
1
190
Mackerel in さくらのクラウド
Avatar for Tatsuhiko Kubo cubicdaiya
1
390
信頼できる開発プラットフォームをどう作るか?-Governance as Codeと継続的監視/フィードバックが導くPlatform Engineeringの進め方
Avatar for yuriemori yuriemori
1
360
プロジェクトマネジメントは不確実性との対話だ
Avatar for HisashiWatanabe hisashiwatanabe
0
190

Featured

See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
83
9.1k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
KATA
Avatar for Megan Lloyd mclloyd
32
14k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
96
6.2k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
328
39k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.8k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None