Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
220
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Pentesting GraphQL APIs
Arun
July 17, 2020
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
340
OWASP DevSlop
hehacks
0
49
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
130
iOS Pentesting for Beginners
hehacks
1
50
Metasploit Database Usage
hehacks
0
40
Other Decks in Technology
See All in Technology
インフラと開発の垣根を超えていき!〜元AWSインフラエンジニアがAWS開発で奮闘している話〜
hatahata021
1
150
あなたの『Site』はどこですか? — xREという考え方
miyamu
0
1.2k
関数型の考えを TypeScript に持ち込んで、テストしやすい純粋関数を増やす / Pure at the Core, Effects at the Edge: Bringing Functional Thinking into TypeScript
kaminashi
1
110
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
490
Baseline対応のDOMの型定義を作った
uhyo
3
740
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
3.6k
ADDF - ループエンジニアリングするフレームワークを作ったら/I Didn't Set Out to Build Loop Engineering, But ADDF Did
fruitriin
0
120
Kaggleで成長するために意識したこと
prgckwb
2
300
Making sense of Google’s agentic dev tools
glaforge
1
180
はじめてのWDM
miyukichi_ospf
1
140
実装だけじゃない! CCA-F取得エンジニアが教えるClaude Code開発プロセス活用術
diggymo
2
620
ソニー銀行におけるビジネスアジリティ向上のためのクラウドシフト戦略
srenext
0
140
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
How to Talk to Developers About Accessibility
jct
2
330
Rails Girls Zürich Keynote
gr2m
96
14k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
190
My Coaching Mixtape
mlcsv
0
170
The SEO Collaboration Effect
kristinabergwall1
1
500
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
370
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
220
Building the Perfect Custom Keyboard
takai
2
810
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
360
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
Embracing the Ebb and Flow
colly
88
5.1k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None