Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
Query (Type) - READ
Mutation (Type) - WRITE
Subscriptions (Type) - EVENTS
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.
Change the POST request into a GET request. Append the payload to the endpoint URL, using the payloads from the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
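As an added example (not from the deck), a small Python check from the defensive side of the same point: a GraphQL document can arrive in a POST JSON body or in the GET query string, so log review or a WAF rule has to read both transports. It extracts the document from either, flags introspection (`__schema`/`__type`) and flags a mutation delivered over GET, which a server should refuse. The request samples and the example.test host are constructed.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Introspection meta-fields: their presence means schema disclosure is being requested.
INTROSPECTION_RE = re.compile(r"__(schema|type)\b")
# Leading operation keyword; an anonymous "{ ... }" document is a query by definition.
OP_RE = re.compile(r"^\s*(query|mutation|subscription)\b", re.IGNORECASE)


def extract_query(method, url, body=None):
    """Return the GraphQL document from a request, whether it travelled in a
    POST JSON body ({"query": ...}) or in the GET query string (?query=...).
    Returns None when no document is present."""
    if method.upper() == "GET":
        params = parse_qs(urlparse(url).query)
        return params.get("query", [None])[0]
    if body:
        try:
            return json.loads(body).get("query")
        except (ValueError, AttributeError):  # not JSON, or JSON that is not an object
            return None
    return None


def operation_type(document):
    m = OP_RE.match(document)
    return m.group(1).lower() if m else "query"


def assess(method, url, body=None):
    """Report introspection and state-changing operations sent over GET."""
    doc = extract_query(method, url, body)
    if doc is None:
        return {"graphql": False}
    findings = []
    if INTROSPECTION_RE.search(doc):
        findings.append("introspection")
    op = operation_type(doc)
    if method.upper() == "GET" and op != "query":
        findings.append(f"{op}-over-get")
    return {"graphql": True, "operation": op, "findings": findings}


# Constructed sample requests (hypothetical host, not from any real system).
SAMPLES = [
    ("POST", "https://example.test/graphql", '{"query":"{ __schema { types { name } } }"}'),
    ("GET", "https://example.test/graphql?query=query%20%7B%20user(id%3A1)%20%7B%20name%20%7D%20%7D", None),
    ("GET", "https://example.test/graphql?query=mutation%20%7B%20deleteUser(id%3A1)%20%7D", None),
]


def run_samples():
    return [assess(*s) for s in SAMPLES]
```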
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute Force Attacks
• DoS Attacks, etc.