Speaker Deck
Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.
GraphQL Schema: Query (type) – READ; Mutation (type) – WRITE; Subscriptions (type) – EVENTS.
Change the POST request into a GET request and append the payload to the endpoint URL. Payloads are linked below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
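The three operation types listed earlier, together with the deck's points on the introspection query and on carrying an operation in a GET URL instead of a POST body, are exactly what a gateway or log pipeline has to tell apart. As an added example that is not from the deck, the Python below classifies constructed sample requests by operation type (handling the shorthand `{ ... }` form and skipping leading fragment definitions), flags `__schema`/`__type` introspection, and marks operations that arrived in a GET query string. The `?query=` parameter and the JSON `query` field are the standard GraphQL-over-HTTP conventions; the request samples and the rules in `policy_violations` are constructed for this example.

```python
# Added example (not from the deck): classify GraphQL HTTP requests by
# operation type and flag introspection, for logging or gateway policy.
import json
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

KEYWORDS = ("query", "mutation", "subscription")
_COMMENT_RE = re.compile(r"#[^\n]*")                    # GraphQL line comments
_TOKEN_RE = re.compile(r"\s*([A-Za-z_]\w*|\{)")          # first name or opening brace
_INTROSPECTION_RE = re.compile(r"\b__(schema|type)\b")   # __typename does not match


def extract_document(method: str, url: str, body: str) -> Optional[str]:
    """Pull the GraphQL document out of a GET ?query= parameter or a POST JSON body."""
    if method.upper() == "GET":
        return parse_qs(urlsplit(url).query).get("query", [None])[0]
    try:
        data = json.loads(body) if body else None
    except json.JSONDecodeError:
        return None
    # Batched array bodies are not handled here; only the single-object form.
    return data.get("query") if isinstance(data, dict) else None


def _skip_braces(text: str, start: int) -> Optional[int]:
    """Index just past the '}' matching the '{' at `start`; string literals are skipped."""
    depth, i = 0, start
    while i < len(text):
        c = text[i]
        if c == '"':
            i += 1
            while i < len(text) and text[i] != '"':
                i += 2 if text[i] == "\\" else 1
        elif c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return None


def operation_type(document: str) -> Optional[str]:
    """Name the first executable operation: 'query', 'mutation' or 'subscription'.

    A bare selection set is query shorthand; fragment definitions placed before
    the operation are skipped. Returns None when the document does not parse.
    """
    text = _COMMENT_RE.sub("", document)
    pos = 0
    while True:
        m = _TOKEN_RE.match(text, pos)
        if not m:
            return None
        tok = m.group(1)
        if tok == "{":
            return "query"
        if tok in KEYWORDS:
            return tok
        if tok != "fragment":
            return None
        brace = text.find("{", m.end())
        nxt = _skip_braces(text, brace) if brace >= 0 else None
        if nxt is None:
            return None
        pos = nxt


def is_introspection(document: str) -> bool:
    """True when the document selects the __schema or __type meta-fields."""
    return bool(_INTROSPECTION_RE.search(_COMMENT_RE.sub("", document)))


@dataclass
class Finding:
    method: str
    operation: Optional[str]
    introspection: bool
    query_in_url: bool


def classify(method: str, url: str, body: str) -> Finding:
    doc = extract_document(method, url, body)
    if doc is None:
        return Finding(method.upper(), None, False, False)
    return Finding(method.upper(), operation_type(doc), is_introspection(doc), method.upper() == "GET")


def policy_violations(f: Finding) -> List[str]:
    """Constructed gateway rules: conditions worth rejecting or alerting on."""
    issues = []
    if f.query_in_url and f.operation == "mutation":
        issues.append("mutation carried in a GET URL")
    if f.introspection:
        issues.append("schema introspection requested")
    return issues


# Constructed sample traffic (not captured from any real deployment).
SAMPLE_REQUESTS = [
    ("POST", "/graphql", '{"query": "{ users { id email } }"}'),
    ("POST", "/graphql", '{"query": "mutation M($id: ID!) { deleteUser(id: $id) { ok } }"}'),
    ("POST", "/graphql", '{"query": "subscription { newMessage { text } }"}'),
    ("POST", "/graphql", '{"query": "query IntrospectionQuery { __schema { types { name } } }"}'),
    ("GET", "/graphql?query=%7B%20__schema%20%7B%20queryType%20%7B%20name%20%7D%20%7D%20%7D", ""),
    ("GET", "/graphql?query=mutation%20%7B%20deleteUser(id%3A%207)%20%7B%20ok%20%7D%20%7D", ""),
    ("POST", "/graphql", '{"query": "{ me { __typename id } }"}'),
]


def run_samples() -> List[Finding]:
    return [classify(m, u, b) for m, u, b in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (method, url, _), f in zip(SAMPLE_REQUESTS, run_samples()):
        flags = ", ".join(policy_violations(f)) or "-"
        print(f"{method:4} {url[:40]:40} op={f.operation!s:12} flags: {flags}")
```

The classifier deliberately ignores `__typename`, which is a per-object meta-field rather than a schema dump, so that legitimate client traffic is not flagged; the real signal is `__schema` and `__type`, which reveal the full type system the deck relies on for enumeration.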
• SQL Injection
• NoSQL Injection
• Access Control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute-force attacks
• DoS attacks, etc.