Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
180
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
290
OWASP DevSlop
hehacks
0
18
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
84
iOS Pentesting for Beginners
hehacks
1
25
Metasploit Database Usage
hehacks
0
18
Other Decks in Technology
See All in Technology
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
Forget efficiency – Become more productive without the stress
ufried
0
140
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
とあるユーザー企業におけるリスクベースで考えるセキュリティ業務のお話し
4su_para
3
320
ガバメントクラウド単独利用方式におけるIaC活用
techniczna
3
270
ABEMA のコンテンツ制作を最適化!生成 AI x クラウド映像編集システム / abema-ai-editor
cyberagentdevelopers
PRO
1
180
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
190
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k
omakaseしないための.rubocop.yml のつくりかた / How to Build Your .rubocop.yml to Avoid Omakase #kaigionrails
linkers_tech
3
740
Figma Dev Modeで進化するデザインとエンジニアリングの協働 / figma-with-engineering
cyberagentdevelopers
PRO
1
430
フルカイテン株式会社 採用資料
fullkaiten
0
36k
Featured
See All Featured
GraphQLとの向き合い方2022年版
quramy
43
13k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Building Your Own Lightsaber
phodgson
102
6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
A Modern Web Designer's Workflow
chriscoyier
692
190k
Done Done
chrislema
181
16k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
The Language of Interfaces
destraynor
154
24k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
The Art of Programming - Codeland 2020
erikaheidi
51
13k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
cyberagentdevelopers
ufried
miholovesq
4su_para
techniczna
amixedcolor
bengo4com
linkers_tech
fullkaiten
quramy
yeseniaperezcruz
addyosmani
phodgson
kastner
chriscoyier
chrislema
destraynor
danielanewman
csswizardry
erikaheidi
