Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
190
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
300
OWASP DevSlop
hehacks
0
22
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
94
iOS Pentesting for Beginners
hehacks
1
27
Metasploit Database Usage
hehacks
0
21
Other Decks in Technology
See All in Technology
数百台のオンプレミスのサーバーをEKSに移行した話
yukiteraoka
0
770
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.5k
入社後SREチームのミッションや課題の整理をした話
morix1500
1
220
こんなデータマートは嫌だ。どんな? / waiwai-data-meetup-202504
shuntak
2
550
デザインシステムのレガシーコンポーネントを刷新した話/Design System Legacy Renewal
kaonavi
0
130
SRE NEXT CfP チームが語る 聞きたくなるプロポーザルとは / Proposals by the SRE NEXT CfP Team that are sure to be accepted
chaspy
1
340
Amebaにおける Platform Engineeringの実践
kumorn5s
5
820
お問い合わせ対応の改善取り組みとその進め方
masartz
1
590
Tokyo dbt Meetup #13 dbtと連携するBI製品&機能ざっくり紹介
sagara
0
320
コドモンのQAの今までとこれから -XPによる成長と見えてきた課題-
masasuna
0
140
Zabbixチョットデキルとは!?
kujiraitakahiro
0
120
SREが実現する開発者体験の革新
sansantech
PRO
0
120
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Done Done
chrislema
183
16k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2.1k
BBQ
matthewcrist
88
9.6k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Building Applications with DynamoDB
mza
94
6.3k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
GitHub's CSS Performance
jonrohan
1030
460k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None