Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Arun Arun
July 17, 2020
Technology
210
0

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
340
OWASP DevSlop
Avatar for Arun hehacks
0
45
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
120
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
47
Metasploit Database Usage
Avatar for Arun hehacks
0
39

Other Decks in Technology

See All in Technology
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
Avatar for 吉田真吾 yoshidashingo
0
160
MCP Appsを作ってみよう
Avatar for iwamot iwamot
PRO
4
270
エンジニアリング戦略の作り方 / Crafting Engineering Strategy
Avatar for iwashi iwashi86
15
4.8k
AIにフローを作らせようとして挫折した話
Avatar for 濱津 太一|ユースフル hamatsutaichi
0
240
Agentic Web
Avatar for dynamis dynamis
1
190
NAB Show 2026 動画技術関連レポート / NAB Show 2026 Report
Avatar for CyberAgent cyberagentdevelopers
PRO
0
130
LLMにもCAP定理があるという話
Avatar for Haruka Sakihara harukasakihara
0
260
AmazonRoute 53ではじめてのドメイン取得!HTTPS化までの道のりを整理してみた
Avatar for usanchuu usanchuu
3
120
非定型業務をAI slackbotで自動化する ~ 社内要望を自動壁打ちするbotを作った ~/automating-ad-hoc-work-with-ai-slackbot
Avatar for shibayu36 shibayu36
0
530
noUncheckedIndexedAccess、3時間、1万円。 / noUncheckedIndexedAccess, 3 Hours, 10,000 JPY.
Avatar for 株式会社カオナビ kaonavi
1
340
「コーディング」しない人のための Claude Code 入門 ChatGPT の次の一歩 — 業務に組み込む 育成・共有・自動化
Avatar for ふくだ(fukuda ryu) rfdnxbro
2
1.2k
React、まだ楽しくて草
Avatar for uhyo uhyo
7
4.2k

Featured

See All Featured
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
1
380
New Earth Scene 8
Avatar for Sydney Stone popppiees
3
2.3k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
570
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
140
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
1
320
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
65
55k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
15k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
140
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
380
Docker and Python
Avatar for Tania Allard trallard
47
3.9k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None