Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.

GraphQL Schema
• Subscriptions (Type) - EVENTS
• Mutations (Type) - WRITE
• Query (Type) - READ
Change the POST request into a GET request. Append the payload to the endpoint URL; the payloads are at the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
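A defender-side view of the step above, as an added example that is not part of the original deck: it scans web access logs for GraphQL documents sent via GET that request introspection or carry a mutation. The `/graphql` path, the `query` URL parameter, the log format and the sample lines (including the `deleteUser` field) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration; not taken from the deck.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jul/2020:10:00:01 +0000] "POST /graphql HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/Jul/2020:10:00:07 +0000] '
    '"GET /graphql?query=%7B__schema%7Btypes%7Bname%7D%7D%7D HTTP/1.1" 200 48211',
    '10.0.0.9 - - [17/Jul/2020:10:00:09 +0000] '
    '"GET /graphql?query=mutation%7BdeleteUser(id%3A1)%7Bid%7D%7D HTTP/1.1" 200 31',
    '10.0.0.7 - - [17/Jul/2020:10:00:12 +0000] '
    '"GET /graphql?query=%7Bme%7B__typename%20name%7D%7D HTTP/1.1" 200 40',
    '10.0.0.7 - - [17/Jul/2020:10:00:15 +0000] "GET /static/app.js HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(GET|POST) (\S+) HTTP/[\d.]+"')
COMMENT_RE = re.compile(r'#[^\n]*')
# __schema / __type are the introspection entry points; __typename is routine.
INTROSPECTION_RE = re.compile(r'\b__(?:schema|type)\b')
# Heuristic: an operation starts the document or follows a closing brace.
MUTATION_RE = re.compile(r'(?:^|\})\s*mutation\b')


def classify(line, endpoint="/graphql"):
    """Return (client, findings) for a suspicious GET to the endpoint, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, method, target = m.groups()
    url = urlsplit(target)
    if method != "GET" or url.path != endpoint:
        return None
    findings = []
    # parse_qs percent-decodes the document carried in the `query` parameter.
    for doc in parse_qs(url.query).get("query", []):
        doc = COMMENT_RE.sub("", doc)
        if INTROSPECTION_RE.search(doc):
            findings.append("introspection-over-GET")
        if MUTATION_RE.search(doc):
            findings.append("mutation-over-GET")
    return (client, findings) if findings else None


def scan(lines):
    """Classify every log line and keep only the flagged requests."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ", ".join(findings))
```

The same two patterns can back a server-side rule that refuses mutations and introspection on GET, which is the mitigation for the method switch described above.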
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA/BruteForce Attacks
• DOS Attacks, etc.