Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – for retrieving data/results, similar to GET in REST.
• Mutation – for modifications, like POST/PUT/DELETE operations in REST.
• Subscription – for events/real-time updates, typically delivered over a long-lived connection such as WebSocket.
GraphQL Schema root types: Query (type) - READ; Mutation (type) - WRITE; Subscription (type) - EVENTS
Change the POST request into a GET request and append the payload to the endpoint URL (GraphQL-over-HTTP servers that accept GET read the operation from the `query` URL parameter). Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
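The two preceding slides (the three root operation types, and moving the operation from a POST body into a GET URL) can be exercised together. The script below is an added example, not code from the deck: it builds the standard introspection query as a GET request, decodes it back to prove the round trip, and then summarises an introspection response into the fields of the Query/Mutation/Subscription root types, which is the first thing a pentester reads off a target. The endpoint URL and SAMPLE_RESPONSE are constructed; the response shape follows the real introspection result format.

```python
"""Introspection over GET plus a root-type summariser (added example, not from the deck)."""
import json
from urllib.parse import urlencode, urlparse, parse_qs

# Standard introspection query, trimmed to the parts summarise_schema() reads.
INTROSPECTION_QUERY = """query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      name
      kind
      fields(includeDeprecated: true) {
        name
        args { name type { name kind ofType { name kind } } }
        type { name kind ofType { name kind } }
      }
    }
  }
}"""


def introspection_get_url(endpoint: str) -> str:
    """Rewrite the usual POST body as a GET: the operation travels in ?query=..."""
    return endpoint + "?" + urlencode({"query": INTROSPECTION_QUERY})


def decode_get_url(url: str) -> str:
    """Recover the operation text from a GET URL (what the server would parse)."""
    return parse_qs(urlparse(url).query)["query"][0]


def type_name(t) -> str:
    """Render an introspection type reference as SDL, unwrapping NON_NULL and LIST."""
    if not t:
        return "?"
    if t.get("kind") == "NON_NULL":
        return type_name(t.get("ofType")) + "!"
    if t.get("kind") == "LIST":
        return "[" + type_name(t.get("ofType")) + "]"
    return t.get("name") or "?"


def field_signature(f) -> str:
    """`name(arg: Type, ...): ReturnType`, or `name: ReturnType` when the field has no args."""
    args = ", ".join(a["name"] + ": " + type_name(a["type"]) for a in f.get("args") or [])
    ret = type_name(f["type"])
    return f"{f['name']}({args}): {ret}" if args else f"{f['name']}: {ret}"


def summarise_schema(response: dict) -> dict:
    """Map each root type (Query / Mutation / Subscription) to its field signatures.
    Root types the server does not expose (e.g. no subscriptionType) are omitted."""
    schema = response["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    summary = {}
    for op in ("queryType", "mutationType", "subscriptionType"):
        root = schema.get(op)
        if root and root["name"] in types:
            fields = types[root["name"]].get("fields") or []
            summary[root["name"]] = [field_signature(f) for f in fields]
    return summary


# Constructed sample response, shaped like a real introspection result.
SAMPLE_RESPONSE = {"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"name": "Query", "kind": "OBJECT", "fields": [
            {"name": "user",
             "args": [{"name": "id", "type": {"name": None, "kind": "NON_NULL",
                                              "ofType": {"name": "ID", "kind": "SCALAR"}}}],
             "type": {"name": "User", "kind": "OBJECT", "ofType": None}},
            {"name": "users", "args": [],
             "type": {"name": None, "kind": "LIST", "ofType": {"name": "User", "kind": "OBJECT"}}}]},
        {"name": "Mutation", "kind": "OBJECT", "fields": [
            {"name": "updateUser",
             "args": [{"name": "id", "type": {"name": None, "kind": "NON_NULL",
                                              "ofType": {"name": "ID", "kind": "SCALAR"}}},
                      {"name": "role", "type": {"name": "String", "kind": "SCALAR", "ofType": None}}],
             "type": {"name": "User", "kind": "OBJECT", "ofType": None}}]},
        {"name": "User", "kind": "OBJECT", "fields": [
            {"name": "id", "args": [], "type": {"name": "ID", "kind": "SCALAR", "ofType": None}},
            {"name": "role", "args": [], "type": {"name": "String", "kind": "SCALAR", "ofType": None}}]},
        {"name": "ID", "kind": "SCALAR", "fields": None},
        {"name": "String", "kind": "SCALAR", "fields": None},
    ]}}}

if __name__ == "__main__":
    url = introspection_get_url("https://api.example.com/graphql")
    print(url[:90] + "...")
    print(json.dumps(summarise_schema(SAMPLE_RESPONSE), indent=2))
```

Reading the summary, a mutation such as `updateUser(id: ID!, role: String)` is exactly the kind of field to probe next for mass assignment and access-control issues. Note that servers which accept GET generally do so only for queries; mutations are expected to stay on POST, so the GET trick is for read operations like introspection.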
GraphQL vulnerabilities:
• SQL injection
• NoSQL injection
• Access control issues
• Mass assignment
• IDOR
• 2FA bypass / brute-force attacks
• DoS attacks, etc.
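Two of the classes listed above shown in working code, as an added example that is not part of the deck. The first pair of resolvers shows SQL injection: a GraphQL argument is attacker-controlled text like any REST parameter, and interpolating it into SQL breaks the query, while a bound parameter does not. The second part shows why DoS and 2FA brute force belong on a GraphQL-specific list: a single operation can nest selection sets arbitrarily deep or alias the same mutation many times, so per-request rate limiting alone is not enough. The users table, the resolver functions and the `verifyOtp` mutation name are constructed for illustration.

```python
"""SQL injection, and depth/alias abuse, in GraphQL resolvers (added example, not from the deck)."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the API's user store (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return db


# --- SQL injection: the `username` argument of `user(username: String)` reaches SQL.

def resolve_user_vulnerable(db, username: str):
    """Resolver that interpolates the GraphQL argument straight into the query text."""
    sql = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()


def resolve_user_safe(db, username: str):
    """Same resolver with a bound parameter; the argument can never change the query shape."""
    return db.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- DoS and 2FA brute force: one request can nest deeply or alias a field many times.

def batched_otp_guess(codes) -> str:
    """Attacker's request: many aliased calls to a (hypothetical) verifyOtp mutation
    inside one operation, so a per-request rate limit sees a single request."""
    parts = [f'g{i}: verifyOtp(code: "{c:04d}") {{ ok }}' for i, c in enumerate(codes)]
    return "mutation { " + " ".join(parts) + " }"


def query_depth(query: str) -> int:
    """Maximum selection-set nesting, counted by braces. A production server should
    walk the parsed AST instead; this counter is fooled by braces inside string literals."""
    depth = deepest = 0
    for ch in query:
        if ch == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}":
            depth -= 1
    return deepest


def count_aliased_calls(query: str, field: str) -> int:
    """Number of times `field` is invoked under an alias (`alias: field(`)."""
    return len(re.findall(rf"\b\w+\s*:\s*{re.escape(field)}\s*\(", query))


def check_limits(query: str, max_depth: int = 5, max_aliases: int = 5,
                 sensitive_field: str = "verifyOtp") -> dict:
    """Server-side gate to evaluate before executing an operation."""
    depth = query_depth(query)
    aliases = count_aliased_calls(query, sensitive_field)
    return {"depth": depth, "aliases": aliases,
            "ok": depth <= max_depth and aliases <= max_aliases}


# Constructed deeply nested query of the kind used for resource-exhaustion DoS.
NESTED_QUERY = "query { user(id: 1) { posts { comments { author { posts { title } } } } } }"

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", resolve_user_vulnerable(db, payload))
    print("safe:      ", resolve_user_safe(db, payload))
    print(check_limits(NESTED_QUERY))
    print(check_limits(batched_otp_guess(range(50))))
```

When testing a target, the same two shapes are what you send: an argument value with a quote or operator in it for the injection classes, and a single operation with dozens of aliases or deep nesting for the brute-force and DoS classes. If the aliased 2FA attempts all execute, the endpoint has no per-operation cost or alias limit.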