Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
200
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
320
OWASP DevSlop
hehacks
0
30
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
100
iOS Pentesting for Beginners
hehacks
1
36
Metasploit Database Usage
hehacks
0
30
Other Decks in Technology
See All in Technology
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
naoya
6
1.3k
AIと二人三脚で育てた、個人開発アプリグロース術
zozotech
PRO
1
700
因果AIへの招待
sshimizu2006
0
940
LT登壇を続けたらポッドキャストに呼ばれた話
yamatai1212
0
120
今からでも間に合う!速習Devin入門とその活用方法
ismk
1
590
MapKitとオープンデータで実現する地図情報の拡張と可視化
zozotech
PRO
1
130
LLM-Readyなデータ基盤を高速に構築するためのアジャイルデータモデリングの実例
kashira
0
220
re:Inventで気になったサービスを10分でいけるところまでお話しします
yama3133
1
120
WordPress は終わったのか ~今のWordPress の制作手法ってなにがあんねん?~ / Is WordPress Over? How We Build with WordPress Today
tbshiki
1
590
AWS Trainium3 をちょっと身近に感じたい
bigmuramura
1
130
ガバメントクラウド利用システムのライフサイクルについて
techniczna
0
190
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
yusukeshimizu
6
380
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Bash Introduction
62gerente
615
210k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Building Flexible Design Systems
yeseniaperezcruz
330
39k
A designer walks into a library…
pauljervisheath
210
24k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Optimizing for Happiness
mojombo
379
70k
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.1k
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
Rails Girls Zürich Keynote
gr2m
95
14k
Into the Great Unknown - MozCon
thekraken
40
2.2k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
naoya
zozotech
sshimizu2006
yamatai1212
ismk
kashira
yama3133
tbshiki
bigmuramura
techniczna
yusukeshimizu
destraynor
62gerente
tanoku
lynnandtonic
yeseniaperezcruz
pauljervisheath
jlugia
mojombo
palkan
mraible
gr2m
thekraken
