Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Arun
July 17, 2020
Technology
220
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Pentesting GraphQL APIs
Arun
July 17, 2020
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
340
OWASP DevSlop
hehacks
0
49
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
130
iOS Pentesting for Beginners
hehacks
1
50
Metasploit Database Usage
hehacks
0
40
Other Decks in Technology
See All in Technology
AI Driven AI Governance
pict3
0
330
タスクの複雑さでモデルを選ぶ ── Thompson Samplingで動かす“トークン/コスト最適化
satohy0323
0
250
Compose 新機能総まとめ / What's New in Jetpack Compose
yanzm
0
160
KiCAD講習会②
tutcreators
0
110
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
13
6k
SRE Lounge Hiroshimaへの招待
grimoh
0
640
穢れた技術選定について
watany
3
310
AI時代の開発生産性は、個人技からチーム設計へ
moongift
PRO
2
170
SRE本の知られざる名シーン / The Hidden Gems of Google SRE Book
nari_ex
1
370
Kaggleで成長するために意識したこと
prgckwb
2
310
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
110k
Claude Codeとハーネスについて考えてみる
oikon48
18
9.3k
Featured
See All Featured
The Curious Case for Waylosing
cassininazir
1
430
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
270
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
210
The Invisible Side of Design
smashingmag
301
52k
4 Signs Your Business is Dying
shpigford
187
22k
Navigating Weather and Climate Data
rabernat
0
310
The Cost Of JavaScript in 2023
addyosmani
55
10k
The untapped power of vector embeddings
frankvandijk
2
1.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.6k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Reality Check: Gamification 10 Years Later
codingconduct
0
2.2k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
65
56k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None