Pentesting GraphQL APIs
Arun
July 17, 2020
Technology
Transcript
graphql { GraphQL, GraphQL Architecture, REST vs GraphQL, GraphQL Schema, Introspection Query, GraphQL Vulnerabilities, Pentesting Tools, GraphQL in Action !!! }
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
GraphQL Schema
• Query (Type) – READ: for retrieving data/results, similar to GET in REST.
• Mutation (Type) – WRITE: for modifications, like POST/PUT/DELETE operations.
• Subscriptions (Type) – EVENTS: for events/realtime updates.
Change the POST request into a GET request and append the payload to the endpoint URL. Payloads are in the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
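An added example, not from the deck: the slide above moves the GraphQL document from a POST body into the URL of a GET request, which is exactly why a server should refuse to execute write operations over GET (a plain link can otherwise trigger them). The Python check below classifies a document by the operation types the schema slide lists (query, mutation, subscription) and allows only read-only queries over GET; the `query` URL parameter layout and the example.test URL are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

_COMMENT = re.compile(r"#[^\r\n]*")
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_OPERATIONS = ("query", "mutation", "subscription")

def operation_types(document):
    """Operation type of every top-level definition, e.g. ['mutation'].
    Fragments are skipped, shorthand '{ ... }' counts as a query, and "..."
    strings are skipped so a brace in an argument value is not miscounted."""
    text = _COMMENT.sub("", document)                   # drop # comments
    found, depth, parens, pending, i = [], 0, 0, False, 0
    while i < len(text):
        ch = text[i]
        if ch == '"':                                   # skip string, honouring \" escapes
            i += 1
            while i < len(text) and text[i] != '"':
                i += 2 if text[i] == "\\" else 1
        elif ch in "()":
            parens += 1 if ch == "(" else -1
        elif ch == "{":
            if depth == 0 and parens == 0:              # start of a top-level selection set
                if not pending:                         # no keyword before it: shorthand query
                    found.append("query")
                pending = False
            depth += 1
        elif ch == "}":
            depth -= 1
        elif depth == 0 and parens == 0 and (ch.isalpha() or ch == "_"):
            word = _NAME.match(text, i).group(0)
            if word in _OPERATIONS:
                found.append(word)
            if word in _OPERATIONS or word == "fragment":
                pending = True                          # its '{' is not a shorthand query
            i += len(word)
            continue
        i += 1
    return found

def allowed_over_get(document):
    ops = operation_types(document)                     # policy: GET runs read operations only
    return bool(ops) and all(op == "query" for op in ops)

def check_get_request(url):
    """GET request with the document in the 'query' URL parameter (assumed layout)."""
    document = parse_qs(urlsplit(url).query).get("query", [""])[0]
    if allowed_over_get(document):
        return True, "read-only query"
    return False, "operations %s are not allowed over GET" % operation_types(document)
```

Documents with several operations are rejected if any of them writes, which is deliberately conservative; a stricter server would also honour operationName and reject GET requests whose document is empty.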
• SQL Injection
• NoSQL Injection
• Access Control Related Issues
• Mass Assignment
• IDOR
• Bypassing 2FA / Brute-Force Attacks
• DoS Attacks, etc.