Pentesting GraphQL APIs
Arun
July 17, 2020
Transcript
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.

GraphQL Schema
Subscriptions (Type) - EVENTS
Mutations (Type) - WRITE
Query (Type) - READ
Change the POST request into a GET request. Append the payload from the links below to the endpoint URL:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
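
As an added example (not from the original deck), a gateway-side check in Python that pulls the GraphQL document out of either transport, the GET query string described above or a JSON POST body, and flags introspection fields and mutations sent over GET. The `/graphql` path, the function names and the sample requests are constructed assumptions.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Strings and comments are blanked first so "__schema" inside a literal is not a field.
_IGNORED = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_INTROSPECTION = re.compile(r"\b__(?:schema|type)\b")  # __typename does not match
_TOKEN = re.compile(r"[{}()]|[A-Za-z_]\w*")

def extract_query(method, url, body=""):
    """GraphQL document from a GET query string or a JSON POST body ('' if absent)."""
    if method.upper() == "GET":
        return parse_qs(urlsplit(url).query).get("query", [""])[0]
    try:
        doc = json.loads(body).get("query", "")
    except (ValueError, AttributeError):  # not JSON, or a batched array (not handled)
        return ""
    return doc if isinstance(doc, str) else ""

def operation_types(document):
    """Operation keywords at nesting depth 0 (token heuristic, not a full parser)."""
    depth, found = 0, set()
    for tok in _TOKEN.findall(document):
        if tok in ("{", "("):
            depth += 1
        elif tok in ("}", ")"):
            depth = max(depth - 1, 0)
        elif depth == 0 and tok in ("query", "mutation", "subscription"):
            found.add(tok)
    return found

def inspect_request(method, url, body=""):
    """Findings for one request: introspection on any verb, mutations sent over GET."""
    method = method.upper()
    doc = _IGNORED.sub(" ", extract_query(method, url, body))
    findings = []
    if _INTROSPECTION.search(doc):
        findings.append(f"introspection via {method}")
    if method == "GET" and "mutation" in operation_types(doc):
        findings.append("mutation via GET")
    return findings

# Constructed sample requests (method, URL, body); "/graphql" is an assumed path.
SAMPLES = [
    ("POST", "/graphql", '{"query": "{ user(id: 1) { name __typename } }"}'),
    ("GET", "/graphql?query=%7B__schema%7Btypes%7Bname%7D%7D%7D", ""),
    ("GET", "/graphql?query=mutation%7BdeleteUser(id%3A1)%7Bid%7D%7D", ""),
    ("POST", "/graphql", '{"query": "{ search(text: \\"__schema\\") { id } }"}'),
]
RESULTS = [inspect_request(*s) for s in SAMPLES]
```

Checking the decoded document rather than the raw URL or body means percent-encoding and the choice of HTTP verb do not change the outcome.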
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA/BruteForce Attacks
• DoS Attacks, etc.