Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
190
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
290
OWASP DevSlop
hehacks
0
19
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
91
iOS Pentesting for Beginners
hehacks
1
25
Metasploit Database Usage
hehacks
0
19
Other Decks in Technology
See All in Technology
内製化を加速させるlaC活用術
nrinetcom
PRO
2
140
php-conference-nagoya-2025
fuwasegu
0
150
AWSアカウントのセキュリティ自動化、どこまで進める? 最適な設計と実践ポイント
yuobayashi
7
540
Share my, our lessons from the road to re:Invent
naospon
0
140
脳波を用いた嗜好マッチングシステム
hokkey621
0
280
ExaDB-XSで利用されているExadata Exascaleについて
oracle4engineer
PRO
3
240
短縮URLをお手軽に導入しよう
nakasho
0
140
Potential EM 制度を始めた理由、そして2年後にやめた理由 - EMConf JP 2025
hoyo
2
2.6k
大規模アジャイルフレームワークから学ぶエンジニアマネジメントの本質
staka121
PRO
3
1.1k
Amazon Aurora のバージョンアップ手法について
smt7174
2
140
データベースの負荷を紐解く/untangle-the-database-load
emiki
2
500
わたしがEMとして入社した「最初の100日」の過ごし方 / EMConfJp2025
daiksy
14
4.9k
Featured
See All Featured
A Tale of Four Properties
chriscoyier
158
23k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
A better future with KSS
kneath
238
17k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Practical Orchestrator
shlominoach
186
10k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Building an army of robots
kneath
303
45k
Mobile First: as difficult as doing things right
swwweet
223
9.4k
Making Projects Easy
brettharned
116
6k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
GraphQLとの向き合い方2022年版
quramy
44
14k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None