Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
• GraphQL
• GraphQL Architecture
• REST Vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.

GraphQL Schema
• Subscriptions (Type) - EVENTS
• Mutations (Type) - WRITE
• Query (Type) - READ
Change the POST request into a GET request. Append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
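When the query is moved from a POST body into the URL, it lands in the web server's access log, which gives defenders a place to spot introspection attempts. The following is an added example, not part of the original deck: it scans access log lines for GET requests whose `query` parameter selects the `__schema` or `__type` introspection fields. The `/graphql` path, the combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Meta-fields used only by schema introspection (\b keeps __typename out).
INTROSPECTION = re.compile(r"\b__(schema|type)\b")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(GET|POST) (\S+) HTTP/[\d.]+"')
# GraphQL block strings, quoted strings and comments: not field selections.
NON_CODE = re.compile(r'"""(?:.|\n)*?"""|"(?:\\.|[^"\\])*"|#[^\n]*')

# Constructed sample log lines (documentation addresses, assumed /graphql path).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jul/2020:10:00:01 +0000] "GET /graphql?query=%7B__schema%7Btypes%7Bname%7D%7D%7D HTTP/1.1" 200 5120',
    '203.0.113.8 - - [17/Jul/2020:10:00:02 +0000] "GET /graphql?query=%7Buser(id%3A1)%7B__typename%20name%7D%7D HTTP/1.1" 200 64',
    '203.0.113.9 - - [17/Jul/2020:10:00:03 +0000] "POST /graphql HTTP/1.1" 200 5120',
    '203.0.113.10 - - [17/Jul/2020:10:00:04 +0000] "GET /graphql?query=query%7B__type(name%3A%22User%22)%7Bfields%7Bname%7D%7D%7D HTTP/1.1" 200 300',
]

def query_from_target(target):
    """Return the percent-decoded `query` parameter of a request target, or None."""
    values = parse_qs(urlsplit(target).query).get("query")
    return values[0] if values else None

def is_introspection(query):
    """True if the document selects __schema or __type outside strings and comments."""
    return bool(INTROSPECTION.search(NON_CODE.sub(" ", query)))

def flag_get_introspection(log_lines, endpoint="/graphql"):
    """Return client addresses that sent an introspection query over GET."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match or match.group(1) != "GET":
            continue  # POST bodies are not present in access logs
        target = match.group(2)
        if urlsplit(target).path != endpoint:
            continue
        query = query_from_target(target)
        if query and is_introspection(query):
            hits.append(line.split()[0])  # first field is the client address
    return hits

if __name__ == "__main__":
    for client in flag_get_introspection(SAMPLE_LOG):
        print("introspection over GET from", client)
```

Ordinary queries that only request `__typename` are not flagged, and a literal `"__schema"` passed as a string argument is ignored.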
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA/BruteForce Attacks
• DOS Attacks etc.