Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
200
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
320
OWASP DevSlop
hehacks
0
30
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
110
iOS Pentesting for Beginners
hehacks
1
38
Metasploit Database Usage
hehacks
0
32
Other Decks in Technology
See All in Technology
2025-12-18_AI駆動開発推進プロジェクト運営について / AIDD-Promotion project management
yayoi_dd
0
150
Authlete で実装する MCP OAuth 認可サーバー #CIMD の実装を添えて
watahani
0
160
株式会社ビザスク_AI__Engineering_Summit_Tokyo_2025_登壇資料.pdf
eikohashiba
1
110
AWSインフルエンサーへの道 / load of AWS Influencer
whisaiyo
0
210
Identity Management for Agentic AI 解説
fujie
0
450
20251203_AIxIoTビジネス共創ラボ_第4回勉強会_BP山崎.pdf
iotcomjpadmin
0
130
AgentCore BrowserとClaude Codeスキルを活用した 『初手AI』を実現する業務自動化AIエージェント基盤
ruzia
7
1.3k
AWSの新機能をフル活用した「re:Inventエージェント」開発秘話
minorun365
2
430
シニアソフトウェアエンジニアになるためには
kworkdev
PRO
3
260
Snowflake導入から1年、LayerXのデータ活用の現在 / One Year into Snowflake: How LayerX Uses Data Today
civitaspo
0
2.3k
Agent Skillsがハーネスの垣根を超える日
gotalab555
6
4k
AgentCoreとStrandsで社内d払いナレッジボットを作った話
motojimayu
1
790
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
698
190k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Faster Mobile Websites
deanohume
310
31k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
100
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
70k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
88
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Are puppies a ranking factor?
jonoalderson
0
2.4k
Leadership Guide Workshop - DevTernity 2021
reverentgeek
0
160
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
110
Site-Speed That Sticks
csswizardry
13
1k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
yayoi_dd
watahani
eikohashiba
whisaiyo
fujie
iotcomjpadmin
ruzia
minorun365
kworkdev
civitaspo
gotalab555
motojimayu
chriscoyier
keavy
deanohume
sstephenson
uxyall
soudai
sarafernandez
wjessup
jonoalderson
reverentgeek
techseoconnect
csswizardry
