Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Arun
July 17, 2020
Technology
0
200
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
330
OWASP DevSlop
hehacks
0
32
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
110
iOS Pentesting for Beginners
hehacks
1
41
Metasploit Database Usage
hehacks
0
34
Other Decks in Technology
See All in Technology
非情報系研究者へ送る Transformer入門
rishiyama
11
7.5k
Claude Code 2026年 最新アップデート
oikon48
13
10k
DevOpsエージェントで実現する!! AWS Well-Architected(W-A) を実現するシステム設計 / 20260307 Masaki Okuda
shift_evolve
PRO
3
810
Postman v12 で変わる API開発ワークフロー (Postman v12 アップデート) / New API development workflow with Postman v12
yokawasa
0
130
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例
lycorptech_jp
PRO
1
210
ランサムウエア対策してますか?やられた時の対策は本当にできてますか?AWSでのリスク分析と対応フローの泥臭いお話。
hootaki
0
140
わたしがセキュアにAWSを使えるわけないじゃん、ムリムリ!(※ムリじゃなかった!?)
cmusudakeisuke
1
740
猫でもわかるKiro CLI(AI 駆動開発への道編)
kentapapa
0
210
最強のAIエージェントを諦めたら品質が上がった話 / how quality improved after giving up on the strongest AI agent
kt2mikan
0
190
Claude Codeが爆速進化してプラグイン追従がつらいので半自動化した話 ver.2
rfdnxbro
0
540
スクリプトの先へ!AIエージェントと組み合わせる モバイルE2Eテスト
error96num
0
180
脳内メモリ、思ったより揮発性だった
koutorino
0
360
Featured
See All Featured
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
150
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
Skip the Path - Find Your Career Trail
mkilby
1
80
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.8k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
110k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
120
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
53k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
480
Accessibility Awareness
sabderemane
0
81
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
hehacks
rishiyama
oikon48
shift_evolve
yokawasa
lycorptech_jp
hootaki
cmusudakeisuke
kentapapa
kt2mikan
rfdnxbro
error96num
koutorino
nikkihalliwell
marcduiker
mkilby
pedronauck
honnibal
twada
codingconduct
nwiizo
baasie
sabderemane
ivargrimstad
keavy
