Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema

• Query (type) - READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) - WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscriptions (type) - EVENTS: for events/realtime updates.
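The three root types above are exactly what an introspection query (the "Introspection Query" item in the agenda) hands back first, so the two slides are best shown together. The following is an added example, not code from the deck: it carries a trimmed introspection query, a constructed sample response (not a capture from any real API) in the shape a server returns, and two helpers that turn that response into a pentester's map of the API: the fields under each root operation type with their argument signatures, and any field or argument whose name looks sensitive. The keyword list is an assumption; extend it for the target.

```python
import json

# The introspection query a tester sends first (trimmed to what a pentester
# needs: the root operation types plus every type's fields and arguments).
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      kind
      name
      fields(includeDeprecated: true) {
        name
        args { name type { kind name ofType { kind name } } }
        type { kind name ofType { kind name } }
      }
    }
  }
}
"""

# Constructed sample response in the shape a server returns for the query
# above; it is not a capture from any real API.
SAMPLE_RESPONSE = json.loads("""
{"data": {"__schema": {
  "queryType": {"name": "Query"},
  "mutationType": {"name": "Mutation"},
  "subscriptionType": null,
  "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
      {"name": "user",
       "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": null, "ofType": {"kind": "SCALAR", "name": "ID"}}}],
       "type": {"kind": "OBJECT", "name": "User", "ofType": null}},
      {"name": "users", "args": [],
       "type": {"kind": "LIST", "name": null, "ofType": {"kind": "OBJECT", "name": "User"}}}
    ]},
    {"kind": "OBJECT", "name": "Mutation", "fields": [
      {"name": "updateUser",
       "args": [{"name": "id", "type": {"kind": "SCALAR", "name": "ID", "ofType": null}},
                {"name": "isAdmin", "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}],
       "type": {"kind": "OBJECT", "name": "User", "ofType": null}}
    ]},
    {"kind": "OBJECT", "name": "User", "fields": [
      {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "ID", "ofType": null}},
      {"name": "email", "args": [], "type": {"kind": "SCALAR", "name": "String", "ofType": null}},
      {"name": "isAdmin", "args": [], "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}
    ]},
    {"kind": "SCALAR", "name": "String", "fields": null}
  ]}}}
""")

# Assumed keyword list: field/argument names worth a second look in a pentest.
SENSITIVE_KEYWORDS = ("admin", "password", "token", "secret", "email", "role")


def type_name(t):
    """Render an introspection type reference as GraphQL syntax, e.g. [User]!"""
    if t is None:
        return "?"
    if t["kind"] == "NON_NULL":
        return type_name(t.get("ofType")) + "!"
    if t["kind"] == "LIST":
        return "[" + type_name(t.get("ofType")) + "]"
    return t["name"]


def root_operations(resp):
    """Map each root type (queryType/mutationType/subscriptionType) to its
    fields, each rendered as '(arg: Type, ...): ReturnType'. A null root
    type (no subscriptions in the sample) is left out."""
    schema = resp["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    out = {}
    for op in ("queryType", "mutationType", "subscriptionType"):
        root = schema.get(op)
        if not root:
            continue
        fields = types[root["name"]].get("fields") or []
        out[op] = {
            f["name"]: "(" + ", ".join(a["name"] + ": " + type_name(a["type"])
                                       for a in f["args"]) + "): " + type_name(f["type"])
            for f in fields
        }
    return out


def interesting_fields(resp, keywords=SENSITIVE_KEYWORDS):
    """List 'Type.field' and 'Type.field(arg)' names containing a sensitive
    keyword: the first targets for access-control and mass-assignment tests."""
    hits = []
    for t in resp["data"]["__schema"]["types"]:
        if t.get("kind") != "OBJECT" or t["name"].startswith("__"):
            continue
        for f in t.get("fields") or []:
            if any(k in f["name"].lower() for k in keywords):
                hits.append(f"{t['name']}.{f['name']}")
            for a in f.get("args") or []:
                if any(k in a["name"].lower() for k in keywords):
                    hits.append(f"{t['name']}.{f['name']}({a['name']})")
    return sorted(hits)


if __name__ == "__main__":
    for op, fields in root_operations(SAMPLE_RESPONSE).items():
        print(op)
        for name, sig in fields.items():
            print("  " + name + sig)
    print("sensitive:", interesting_fields(SAMPLE_RESPONSE))
```

Against a live target, send INTROSPECTION_QUERY as the `query` field of a JSON POST body and feed the decoded response to the two helpers; if introspection is disabled the response carries an `errors` array instead of `data.__schema`, which is itself a finding to note.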
Change the POST request into a GET request and append the payload to the endpoint URL (GraphQL servers that accept GET read the operation from the `query` query-string parameter). Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
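The POST-to-GET conversion above matters because a GET URL can be triggered cross-site (an image tag, a link), so a mutation that the server is willing to execute over GET is a CSRF. The following is an added example, not from the deck or the pastebin payloads: it rewrites a JSON POST body into the equivalent GET URL and back, classifies the document's first operation, and shows the server-side rule that makes the trick fail (GET is answered only for queries). The endpoint URL and the sample mutation are placeholders.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder endpoint; substitute the target's GraphQL URL.
ENDPOINT = "https://target.example/graphql"

_DEF = re.compile(r"^(query|mutation|subscription|fragment)\b")


def post_body_to_get_url(endpoint, body):
    """Rewrite a JSON POST body {"query", "variables", "operationName"} as a
    GET URL; servers that accept GET read the same three fields from the
    query string, with variables JSON-encoded."""
    params = {"query": body["query"]}
    if body.get("variables") is not None:
        params["variables"] = json.dumps(body["variables"], separators=(",", ":"))
    if body.get("operationName"):
        params["operationName"] = body["operationName"]
    return endpoint + "?" + urlencode(params)


def get_url_to_body(url):
    """Inverse of post_body_to_get_url, useful when a GET request is captured."""
    qs = parse_qs(urlsplit(url).query)
    body = {"query": qs["query"][0]}
    if "variables" in qs:
        body["variables"] = json.loads(qs["variables"][0])
    if "operationName" in qs:
        body["operationName"] = qs["operationName"][0]
    return body


def _strip_comments(document):
    # GraphQL comments run from '#' to end of line ('#' inside strings is ignored here).
    return "\n".join(line.split("#", 1)[0] for line in document.splitlines())


def _end_of_selection_set(doc):
    """Index just past the '}' that closes the first top-level '{ ... }'."""
    depth = 0
    for i, ch in enumerate(doc):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return i + 1
    raise ValueError("unbalanced braces")


def operation_type(document):
    """Return 'query', 'mutation' or 'subscription' for the first operation,
    skipping leading fragment definitions; shorthand '{ ... }' is a query."""
    doc = _strip_comments(document).strip()
    while doc:
        if doc.startswith("{"):
            return "query"
        m = _DEF.match(doc)
        if not m:
            raise ValueError("not an executable GraphQL document")
        if m.group(1) != "fragment":
            return m.group(1)
        doc = doc[_end_of_selection_set(doc):].lstrip()
    raise ValueError("empty document")


def server_should_accept(method, document):
    """Hardened server rule: GET may carry queries only, so a mutation moved
    into the URL is refused instead of executed from a cross-site request."""
    op = operation_type(document)
    if method.upper() == "GET":
        return op == "query"
    return method.upper() == "POST"


if __name__ == "__main__":
    body = {"query": "mutation($id: ID!) { deleteUser(id: $id) { ok } }",
            "variables": {"id": "7"}}
    url = post_body_to_get_url(ENDPOINT, body)
    print(url)
    print(operation_type(body["query"]), server_should_accept("GET", body["query"]))
```

When testing, keep the converted GET request and the server's answer together in the report: a 200 with `data` for a mutation over GET, plus cookie-based authentication, is the CSRF finding; a 405 or a GraphQL error naming the method means the rule above (or an equivalent) is in place.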
GraphQL Vulnerabilities

• SQL injection
• NoSQL injection
• Access control related issues
• Mass assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks
etc.
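GraphQL does not introduce these bugs by itself; they live in the resolvers behind the schema, which is where the tester's payloads end up. The following is an added example, not code from the deck: a resolver for a `user(id: ID!)` field written the way it is often found (argument interpolated into SQL, no ownership check), beside the hardened version, both run against a constructed in-memory SQLite table so the injection and the IDOR can be reproduced offline. The table contents and the ownership rule (a user may read only their own row) are assumptions.

```python
import sqlite3

COLUMNS = ("id", "email", "secret")


def make_db():
    """Constructed in-memory stand-in for the application's users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice@example.com", "alice-api-token"),
        (2, "bob@example.com", "bob-api-token"),
    ])
    return db


def vulnerable_user_resolver(db, viewer_id, args):
    """Resolver for user(id: ID!) as often found: the GraphQL argument is
    interpolated into SQL (SQL injection) and viewer_id is never compared
    with the requested id (IDOR), so any caller can read any row."""
    sql = f"SELECT id, email, secret FROM users WHERE id = {args['id']}"
    return [dict(zip(COLUMNS, row)) for row in db.execute(sql).fetchall()]


def safe_user_resolver(db, viewer_id, args):
    """Hardened resolver: the ID scalar (a string on the wire) is coerced and
    validated, the query is parameterised, and ownership is enforced before
    the database is touched."""
    try:
        user_id = int(args["id"])
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    if user_id != viewer_id:
        raise PermissionError("not allowed to read this user")
    row = db.execute("SELECT id, email, secret FROM users WHERE id = ?", (user_id,)).fetchone()
    return dict(zip(COLUMNS, row)) if row else None


if __name__ == "__main__":
    db = make_db()
    # Injected argument dumps every row; a plain foreign id is an IDOR.
    print(vulnerable_user_resolver(db, 1, {"id": "2 OR 1=1"}))
    print(vulnerable_user_resolver(db, 1, {"id": "2"}))
    print(safe_user_resolver(db, 1, {"id": "1"}))
```

The same argument reaches the resolver whether it is sent inline (`user(id: "2 OR 1=1")`) or through `variables`, so test both; the schema's `ID!` type gives no protection, because ID is a string scalar and the server performs no integer validation on it.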