Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
Agenda:
• GraphQL
• GraphQL Architecture
• REST vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema – the three root operation types:
• Query (type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) – WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscription (type) – EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload to the endpoint URL. Example payloads are linked below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
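The two slides above (the three root operation types, and the observation that a GraphQL operation can often be sent as a GET request with the document in the URL) are best understood from the server side: a GraphQL endpoint that accepts mutations over GET is exposing state-changing operations to requests the browser will make without a CSRF token or a custom content type. The following is an added example and not code from the deck; it implements a simplified, standard-library-only recogniser for the operation type(s) in a GraphQL document (not a full GraphQL parser; string literals and comments are stripped before brace tracking) and a request check that only lets `query` operations through on GET. The function names, the constructed sample documents and the rejection messages are assumptions for illustration.

```python
import re

OPERATION_KEYWORDS = ("query", "mutation", "subscription")


def _strip_strings_and_comments(document: str) -> str:
    """Blank out block strings, strings and # comments so that braces inside them
    do not confuse the depth tracking below."""
    document = re.sub(r'"""[\s\S]*?"""', '""', document)
    document = re.sub(r'"(?:\\.|[^"\\])*"', '""', document)
    document = re.sub(r"#[^\n]*", "", document)
    return document


def operation_types(document: str):
    """Return a list of (operation_type, operation_name) for every top-level
    operation definition in the document. An anonymous shorthand selection set
    '{ ... }' counts as a query, as the GraphQL spec defines it."""
    text = _strip_strings_and_comments(document)
    ops = []
    depth = 0          # nesting depth of ( ) and { }
    pending = False    # a keyword/fragment header was seen; next top-level '{' belongs to it
    i = 0
    while i < len(text):
        ch = text[i]
        if ch in "{(":
            if ch == "{" and depth == 0:
                if pending:
                    pending = False
                else:
                    ops.append(("query", None))   # shorthand query
            depth += 1
            i += 1
        elif ch in "})":
            depth -= 1
            i += 1
        elif depth == 0 and (ch.isalpha() or ch == "_"):
            word = re.match(r"[A-Za-z_][A-Za-z0-9_]*", text[i:]).group(0)
            i += len(word)
            if word in OPERATION_KEYWORDS:
                name_match = re.match(r"\s+([A-Za-z_][A-Za-z0-9_]*)", text[i:])
                name = name_match.group(1) if name_match else None
                if name_match:
                    i += len(name_match.group(0))
                ops.append((word, name))
                pending = True
            elif word == "fragment":
                pending = True   # 'fragment Name on Type { ... }' is not an operation
        else:
            i += 1
    return ops


def check_request(method: str, body: dict, operation_name=None):
    """Decide whether a GraphQL request may be executed.
    Returns (allowed, reason). Only 'query' operations are permitted over GET."""
    ops = operation_types(body.get("query", ""))
    if not ops:
        return False, "no operation found"
    if len(ops) > 1:
        if operation_name is None:
            return False, "operationName required for a multi-operation document"
        selected = [op for op in ops if op[1] == operation_name]
        if not selected:
            return False, "unknown operationName"
        op_type = selected[0][0]
    else:
        op_type = ops[0][0]
    if method.upper() == "GET" and op_type != "query":
        return False, f"{op_type} not allowed over GET"
    return True, op_type


# Constructed sample requests (not taken from any real target).
SAMPLE_GET_QUERY = {"query": "{ __schema { types { name } } }"}
SAMPLE_GET_MUTATION = {"query": "mutation DeleteUser($id: ID!) { deleteUser(id: $id) }"}

if __name__ == "__main__":
    print(check_request("GET", SAMPLE_GET_QUERY))      # (True, 'query')
    print(check_request("GET", SAMPLE_GET_MUTATION))   # (False, 'mutation not allowed over GET')
    print(check_request("POST", SAMPLE_GET_MUTATION))  # (True, 'mutation')
```

The same check is what production GraphQL servers implement when they restrict GET to queries; pairing it with a required custom header or a CSRF token on POST closes the remaining cross-site path.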
GraphQL Vulnerabilities:
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute-Force Attacks
• DoS Attacks, etc.