Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql {
• GraphQL
• GraphQL Architecture
• REST Vs GraphQL
• GraphQL Schema
• Introspection Query
• GraphQL Vulnerabilities
• Pentesting Tools
• GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (Type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (Type) – WRITE: for modifications like POST/PUT/DELETE operations.
• Subscriptions (Type) – EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
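The two slides above describe the three root operation types and the fact that a GraphQL operation can travel either in a POST body or appended to the endpoint URL as a GET parameter. The following added example, which is not part of the deck, is a defender-side request guard in plain Node.js (no GraphQL library) that handles both transports: it refuses introspection (`__schema` / `__type`) unless explicitly allowed, classifies the root operation as query, mutation or subscription, and only accepts read-only queries over GET. The request shape `{ method, url, body }` and the sample requests are constructed for this example.

```javascript
// Added example (not part of the deck): a transport-aware request guard for a
// GraphQL endpoint, in plain Node.js with no GraphQL library. It pulls the
// operation out of either a POST JSON body or a GET ?query= parameter (the
// transport the slide describes), refuses introspection unless explicitly
// allowed, and only accepts read-only "query" operations over GET.
// req is a plain { method, url, body } object standing in for an HTTP request.

const INTROSPECTION_FIELDS = ["__schema", "__type"]; // meta-fields unique to introspection

// Blank out string literals and comments so a field name inside an argument
// string such as search(term: "__schema") does not trigger a false match.
function stripLiteralsAndComments(query) {
  let out = "";
  let i = 0;
  while (i < query.length) {
    if (query.startsWith('"""', i)) {            // block string
      const end = query.indexOf('"""', i + 3);
      i = end === -1 ? query.length : end + 3;
      out += " ";
    } else if (query[i] === '"') {               // ordinary string, honour \" escapes
      i++;
      while (i < query.length && query[i] !== '"') i += query[i] === "\\" ? 2 : 1;
      i++;
      out += " ";
    } else if (query[i] === "#") {               // comment runs to end of line
      while (i < query.length && query[i] !== "\n") i++;
    } else {
      out += query[i++];
    }
  }
  return out;
}

// Introspection meta-fields actually selected by the document (not inside strings).
function findIntrospectionFields(query) {
  const cleaned = stripLiteralsAndComments(query);
  // a selected field is preceded by start-of-text, whitespace, '{' or ','
  return INTROSPECTION_FIELDS.filter((f) => new RegExp(`(^|[\\s{,])${f}\\b`).test(cleaned));
}

// Root operation type: query (READ), mutation (WRITE) or subscription (EVENTS).
// Documents that open with a fragment definition are reported as "unknown"
// so the caller can fail closed rather than guess.
function operationType(query) {
  const cleaned = stripLiteralsAndComments(query).trim();
  if (cleaned.startsWith("{")) return "query";   // anonymous shorthand
  const m = /^(query|mutation|subscription)\b/.exec(cleaned);
  return m ? m[1] : "unknown";
}

// Extract the query from either transport. Returns "" when none is present.
function extractQuery(req) {
  if (req.method === "GET") {
    return new URL(req.url, "http://localhost").searchParams.get("query") || "";
  }
  if (req.method === "POST") {
    let body = req.body;
    if (typeof body === "string") {
      try { body = JSON.parse(body); } catch { return ""; }
    }
    return body && typeof body.query === "string" ? body.query : "";
  }
  return "";
}

// Policy decision for one request.
function guardRequest(req, { allowIntrospection = false } = {}) {
  const query = extractQuery(req);
  if (!query) return { allowed: false, reason: "no query" };
  const intro = findIntrospectionFields(query);
  if (intro.length && !allowIntrospection) {
    return { allowed: false, reason: `introspection: ${intro.join(",")}` };
  }
  const op = operationType(query);
  if (req.method === "GET" && op !== "query") {
    return { allowed: false, reason: `${op} over GET` }; // GET must stay side-effect free
  }
  return { allowed: true, reason: op };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  { method: "POST", url: "/graphql", body: JSON.stringify({ query: "{ user(id: 1) { name } }" }) },
  { method: "GET", url: "/graphql?query=" + encodeURIComponent("{ __schema { types { name } } }") },
  { method: "POST", url: "/graphql", body: { query: 'query { search(term: "__schema") { id } }' } },
  { method: "GET", url: "/graphql?query=" + encodeURIComponent("mutation { deleteUser(id: 1) }") },
  { method: "POST", url: "/graphql", body: { query: '{ __type(name: "User") { fields { name } } }' } },
];

for (const req of SAMPLE_REQUESTS) {
  console.log(req.method, JSON.stringify(guardRequest(req)));
}
```

The string and comment stripping matters: without it, a legitimate query whose argument happens to contain the text `__schema` would be blocked, and a reviewer reading only the raw body would see a false positive. The `unknown` result for documents that begin with a fragment definition is deliberate; a guard that guesses "query" there would let a mutation through over GET.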
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute Force Attacks
• DoS Attacks, etc.
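Several items in the list above (access control issues, mass assignment, IDOR) show up in the same place in a GraphQL service: the resolver behind a mutation. The following added example, not from the deck, shows an `updateUser` mutation resolver written two ways in plain JavaScript: a vulnerable version that trusts the client-supplied `id` and copies every input field onto the record, and a hardened version that enforces object-level authorization and an allowlist of writable fields. The in-memory store, the resolver signature `(store, args, context)` and the `role`/`displayName` fields are assumptions made for this example.

```javascript
// Added example (not from the deck): an updateUser mutation resolver written
// two ways. The vulnerable version trusts the client-supplied id and copies
// every input field onto the record (IDOR + mass assignment). The hardened
// version checks object-level authorization and allowlists writable fields.
// The store, record fields and context shape are assumptions for this example.

// Constructed in-memory user table standing in for a database.
function makeStore() {
  return new Map([
    [1, { id: 1, email: "alice@example.test", role: "user", displayName: "Alice" }],
    [2, { id: 2, email: "bob@example.test", role: "user", displayName: "Bob" }],
  ]);
}

// Vulnerable resolver: any authenticated user can update any user and any field.
function updateUserVulnerable(store, args, context) {
  if (!context.user) throw new Error("unauthenticated");
  const target = store.get(args.id);            // no check that the caller owns this record
  if (!target) throw new Error("not found");
  Object.assign(target, args.input);            // mass assignment: role, email, anything
  return target;
}

// Fields a user may change on their own record. Privilege-bearing fields are excluded.
const WRITABLE_FIELDS = new Set(["displayName"]);

// Hardened resolver: object-level authorization plus an input allowlist.
function updateUserHardened(store, args, context) {
  if (!context.user) throw new Error("unauthenticated");
  const target = store.get(args.id);
  if (!target) throw new Error("not found");
  const isOwner = context.user.id === target.id;
  const isAdmin = context.user.role === "admin";
  if (!isOwner && !isAdmin) throw new Error("forbidden");   // closes the IDOR
  // Reject rather than silently drop unexpected fields, so that probing for
  // hidden writable fields surfaces as errors in logs instead of succeeding quietly.
  const rejected = Object.keys(args.input).filter((k) => !WRITABLE_FIELDS.has(k));
  if (rejected.length) throw new Error(`fields not writable: ${rejected.join(", ")}`);
  Object.assign(target, args.input);
  return target;
}

// Runs one test input against both resolvers: user 2 (Bob) submits an update
// for user 1 (Alice) that includes the privileged "role" field.
function demo() {
  const testArgs = { id: 1, input: { role: "admin", displayName: "changed" } };
  const bobContext = { user: { id: 2, role: "user" } };

  const s1 = makeStore();
  const vulnerableResult = updateUserVulnerable(s1, testArgs, bobContext);

  const s2 = makeStore();
  let hardenedError = null;
  try {
    updateUserHardened(s2, testArgs, bobContext);
  } catch (e) {
    hardenedError = e.message;
  }

  return {
    vulnerableRole: vulnerableResult.role,   // "admin": the record was escalated
    hardenedError,                           // "forbidden": rejected before any write
    hardenedRole: s2.get(1).role,            // "user": untouched
  };
}

console.log(JSON.stringify(demo()));
```

Two design points are worth noting. The ownership check runs before any field validation, so an unauthorized caller learns nothing about which fields exist. And the allowlist is enforced by rejecting the whole request rather than filtering the input, which keeps the failed attempt visible in server logs; silently dropping `role` would hide the probe.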