Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
190

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
300
OWASP DevSlop
Avatar for Arun hehacks
0
26
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
96
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
29
Metasploit Database Usage
Avatar for Arun hehacks
0
22

Other Decks in Technology

See All in Technology
エンジニア採用から始まる技術広報と組織づくり/202506lt
Avatar for Ichiro Nishiuma nishiuma
8
1.5k
Ретроспективный взгляд на Vue 3. Даша Сабурова, Vue-разработчик Lamoda Tech
Avatar for Lamoda Tech lamodatech
0
630
OpenJDKエコシステムと開発中の機能を紹介 2025夏版
Avatar for Chihiro Ito chiroito
2
1.3k
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
6.3k
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.2k
Text-to-SQLの評価データセットを作って最新LLMモデルの性能評価をしてみた
Avatar for Gota gotalab555
3
720
データベースの引越しを Ora2Pg でスマートにやろう
Avatar for Yuichiro Narita jri_narita
0
190
Data Hubグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1.8k
Grafana MCP serverでなんかし隊 / Try Grafana MCP server
Avatar for kohbis kohbis
0
290
ソフトウェアテストのAI活用_ver1.20
Avatar for fumisuke fumisuke
0
240
AI とペアプロしてわかった 3 つのヒューマンエラー
Avatar for TakahiroIKEGAWA (池川 貴裕) takahiroikegawa
1
610
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
770

Featured

See All Featured
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
22
3.5k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
68
11k
Building an army of robots
Avatar for Kyle Neath kneath
306
45k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
2.8k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
14
1.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.5k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.4k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None