Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
200

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
330
OWASP DevSlop
Avatar for Arun hehacks
0
32
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
110
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
41
Metasploit Database Usage
Avatar for Arun hehacks
0
34

Other Decks in Technology

See All in Technology
Scrum Fest Morioka 2026
Avatar for Yasunobu Kawaguchi kawaguti
PRO
2
670
dbt meetup #19 『dbtを『なんとなく動かす』を卒業します』
Avatar for t-hiroto tiltmax3
0
110
三菱UFJ銀行におけるエンタープライズAI駆動開発のリアル / Enterprise AI_Driven Development at MUFG Bank: The Real Story
Avatar for 三菱UFJインフォメーションテクノロジー株式会社 muit
10
19k
【SLO】"多様な期待値" と向き合ってみた
Avatar for kaita z63d
1
110
AIエージェントで変わる開発プロセス ― レビューボトルネックからの脱却
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
2
750
2026-02-25 Tokyo dbt meetup プロダクトと融合したCI/CD で実現する、堅牢なデータパイプラインの作り方
Avatar for Kentaro Yoshida y_ken
0
140
Snowflake Night #2 LT
Avatar for タロウ taromatsui_cccmkhd
0
210
1 年間の育休から時短勤務で復帰した私が、 AI を駆使して立ち上がりを早めた話
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
170
ソフトウェアアーキテクトのための意思決定術: Create Decision Readiness—The Real Skill Behind Architectural Decision
Avatar for Koji SHIMADA snoozer05
PRO
23
6.6k
「静的解析」だけで終わらせない。 SonarQube の最新機能 × AIで エンジニアの開発生産性を本気で上げる方法
Avatar for Wenhan Shi xibuka
2
310
Interop Tokyo 2025 ShowNet Team Memberで学んだSRv6を基礎から丁寧に
Avatar for miyukichi_ospf miyukichi_ospf
0
210
Databricks (と気合い)で頑張るAI Agent 運用
Avatar for camay kameitomohiro
0
300

Featured

See All Featured
KATA
Avatar for Megan Lloyd mclloyd
PRO
35
15k
Agile Actions for Facilitating Distributed Teams - ADO2019
Avatar for Mark Kilby mkilby
0
130
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
470
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.4k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
220
End of SEO as We Know It (SMX Advanced Version)
Avatar for Michael King ipullrank
3
4k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
110
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
920
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
240

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None