Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
200
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
310
OWASP DevSlop
hehacks
0
30
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
100
iOS Pentesting for Beginners
hehacks
1
34
Metasploit Database Usage
hehacks
0
27
Other Decks in Technology
See All in Technology
JSConf JPのwebsiteをGatsbyからNext.jsに移行した話 - Next.jsの多言語静的サイトと課題
leko
2
180
データ戦略部門 紹介資料
sansan33
PRO
1
3.8k
難しいセキュリティ用語をわかりやすくしてみた
yuta3110
0
380
Dify on AWS 環境構築手順
yosse95ai
0
120
Dylib Hijacking on macOS: Dead or Alive?
patrickwardle
0
460
OCIjp_Oracle AI World_Recap
shinpy
1
170
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
ローカルLLMとLINE Botの組み合わせ その2(EVO-X2でgpt-oss-120bを利用) / LINE DC Generative AI Meetup #7
you
PRO
1
150
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
310
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
12
81k
オブザーバビリティと育てた ID管理・認証認可基盤の歩み / The Journey of an ID Management, Authentication, and Authorization Platform Nurtured with Observability
kaminashi
1
140
[VPoE Global Summit] サービスレベル目標による信頼性への投資最適化
satos
0
230
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
37
3.5k
Mobile First: as difficult as doing things right
swwweet
225
10k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.7k
Into the Great Unknown - MozCon
thekraken
40
2.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
990
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.2k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
4 Signs Your Business is Dying
shpigford
185
22k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
GraphQLとの向き合い方2022年版
quramy
49
14k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
YesSQL, Process and Tooling at Scale
rocio
173
15k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None