Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
190

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
310
OWASP DevSlop
Avatar for Arun hehacks
0
28
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
99
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
32
Metasploit Database Usage
Avatar for Arun hehacks
0
23

Other Decks in Technology

See All in Technology
金融サービスにおける高速な価値提供とAIの役割 #BetAIDay
Avatar for LayerX layerx
PRO
1
780
形式手法特論:位相空間としての並行プログラミング #kernelvm / Kernel VM Study Tokyo 18th
Avatar for y_taka_23 ytaka23
3
1.1k
ロールが細分化された組織でSREと協働するインフラエンジニアは何をするか? / SRE Lounge #18
Avatar for Hajime KOSHIRO kossykinto
0
210
【Λ(らむだ)】最近のアプデ情報 / RPALT20250729
Avatar for Λ lambda
0
230
Amazon Qで2Dゲームを作成してみた
Avatar for Siromi siromi
0
120
Agent Development Kitで始める生成 AI エージェント実践開発
Avatar for danishi danishi
0
130
データ基盤の管理者からGoogle Cloud全体の管理者になっていた話
Avatar for ZOZO Developers zozotech
PRO
0
410
AWS DDoS攻撃防御の最前線
Avatar for R.Kondo ryutakondo
1
140
いかにして命令の入れ替わりについて心配するのをやめ、メモリモデルを 愛するようになったか(改)
Avatar for Takaya Saeki nullpo_head
6
2.4k
バクラクによるコーポレート業務の自動運転 #BetAIDay
Avatar for LayerX layerx
PRO
1
900
Claude CodeでKiroの仕様駆動開発を実現させるには...
Avatar for Gota gotalab555
3
950
Claude Codeから我々が学ぶべきこと
Avatar for Oikon oikon48
10
2.8k

Featured

See All Featured
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.5k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.4k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
134
9.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
880
Scaling GitHub
Avatar for Zach Holman holman
461
140k
KATA
Avatar for Megan Lloyd mclloyd
32
14k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
283
13k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
524
40k
It's Worth the Effort
Avatar for 3n 3n
185
28k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None