Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting GraphQL APIs

Avatar for Arun Arun
July 17, 2020
Technology
0
200

Pentesting GraphQL APIs

Avatar for Arun

Arun

July 17, 2020
Tweet

More Decks by Arun

See All by Arun
Offensive-GraphQL-API-Exploitation
Avatar for Arun hehacks
1
330
OWASP DevSlop
Avatar for Arun hehacks
0
33
Android Pentesting For Beginners - RE & Static Code Analysis
Avatar for Arun hehacks
0
110
iOS Pentesting for Beginners
Avatar for Arun hehacks
1
41
Metasploit Database Usage
Avatar for Arun hehacks
0
34

Other Decks in Technology

See All in Technology
夢の無限スパゲッティ製造機 #phperkaigi
Avatar for hideki kinjyo o0h
PRO
0
150
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
Avatar for nrs nrslib
13
8.6k
僕、S3  シンプルって名前だけど全然シンプルじゃありません よろしくお願いします
Avatar for Yuuki Yamashita yama3133
1
230
プラットフォームエンジニアリングはAI時代の開発者をどう救うのか
Avatar for Kazuto Kusama jacopen
7
3.8k
Kubernetesにおける推論基盤
Avatar for ry ry
1
420
Go標準パッケージのI/O処理をながめる
Avatar for matumoto matumoto
0
220
脳内メモリ、思ったより揮発性だった
Avatar for koutorino koutorino
0
380
スクリプトの先へ!AIエージェントと組み合わせる モバイルE2Eテスト
Avatar for Ryo WATANABE error96num
0
190
非情報系研究者へ送る Transformer入門
Avatar for Ryo Ishiyama rishiyama
14
8.8k
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例 
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
230
[JAWSDAYS2026]Who is responsible for IAM
Avatar for Mizuki TSUJI mizukibbb
0
880
NewSQL_ ストレージ分離と分散合意を用いたスケーラブルアーキテクチャ
Avatar for hacomono Inc. hacomono
PRO
4
400

Featured

See All Featured
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
Avatar for Yuki Nakata chikuwait chikuwait
0
400
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
220
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
3
2.9k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
58k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
640
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.8k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
230
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
260
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k

Transcript

  1. None
  2. None

  3. graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema

    Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
  4. None
  5. None
  6. None
  7. None
  8. None

  9. Ref: https://bit.ly/3hLZNO7

  10. Ref: https://bit.ly/3fBQSNk

  11. None
  12. None

  13. • Query – For Retrieving data/Results, similar to GET in

    REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
  14. None
  15. None

  16. Change the POST request into GET Request. Append the payload

    on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
  17. None

  18. SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment

    IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None