Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
210
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Pentesting GraphQL APIs
Arun
July 17, 2020
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
340
OWASP DevSlop
hehacks
0
49
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
130
iOS Pentesting for Beginners
hehacks
1
49
Metasploit Database Usage
hehacks
0
40
Other Decks in Technology
See All in Technology
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
260
4人目のSREはAgent
tanimuyk
0
320
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
160
水を運ぶ人としてのリーダーシップ
izumii19
4
1.1k
AIに障害切り分けを全部やってもらった。 。 。 。
estie
0
310
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
150
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
210
コミュニティの有益性 ~JAWS Days 2026 での体験を通して~ / The Benefits of a Community ~Through My Experience at JAWS Days 2026~
seike460
PRO
0
310
「ビジネスがわかるエンジニア」とは何か?
ryooob
0
440
テスト設計の本質を改めて考えてみる~生成AIを活用する時代だからこそ、作ったテストの説明性を高めよう~
yamasaki696
1
230
データレイクの「見えない問題」を可視化する
sansantech
PRO
1
250
“ID沼入口” - 基本とセキュリティから始める、考え続けるためのID管理技術勉強会 告知&イントロ
ritou
0
340
Featured
See All Featured
KATA
mclloyd
PRO
35
15k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.9k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
550
A Soul's Torment
seathinner
6
3k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Color Theory Basics | Prateek | Gurzu
gurzu
0
380
Fireside Chat
paigeccino
42
4k
Optimising Largest Contentful Paint
csswizardry
37
3.7k
Balancing Empowerment & Direction
lara
6
1.2k
The agentic SEO stack - context over prompts
schlessera
0
830
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None