Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
180
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
290
OWASP DevSlop
hehacks
0
19
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
89
iOS Pentesting for Beginners
hehacks
1
25
Metasploit Database Usage
hehacks
0
18
Other Decks in Technology
See All in Technology
EMConf JP の楽しみ方 / How to enjoy EMConf JP
pauli
2
150
JuliaTokaiとJuliaLangJaの紹介 for NGK2025S
antimon2
1
120
Goで実践するBFP
hiroyaterui
1
120
Cloudflareで実現する AIエージェント ワークフロー基盤
kmd09
0
290
dbtを中心にして組織のアジリティとガバナンスのトレードオンを考えてみた
gappy50
0
280
Godot Engineについて調べてみた
unsoluble_sugar
0
410
0→1事業こそPMは営業すべし / pmconf #落選お披露目 / PM should do sales in zero to one
roki_n_
PRO
1
1.5k
いま現場PMのあなたが、 経営と向き合うPMになるために 必要なこと、腹をくくること
hiro93n
9
7.7k
2024AWSで個人的にアツかったアップデート
nagisa53
1
110
.NET 最新アップデート ~ AI とクラウド時代のアプリモダナイゼーション
chack411
0
200
When Windows Meets Kubernetes…
pichuang
0
310
自社 200 記事を元に整理した読みやすいテックブログを書くための Tips 集
masakihirose
2
330
Featured
See All Featured
Fireside Chat
paigeccino
34
3.1k
How to train your dragon (web standard)
notwaldorf
89
5.8k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Designing Experiences People Love
moore
139
23k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
870
Site-Speed That Sticks
csswizardry
3
270
Become a Pro
speakerdeck
PRO
26
5.1k
YesSQL, Process and Tooling at Scale
rocio
170
14k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
The World Runs on Bad Software
bkeepers
PRO
66
11k
Measuring & Analyzing Core Web Vitals
bluesmoon
5
210
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
pauli
antimon2
hiroyaterui
kmd09
gappy50
unsoluble_sugar
roki_n_
hiro93n
nagisa53
chack411
pichuang
masakihirose
paigeccino
notwaldorf
smashingmag
moore
honnibal
csswizardry
speakerdeck
rocio
lauravandoore
bkeepers
bluesmoon
bcantrill
