Pentesting GraphQL APIs
Arun
July 17, 2020
graphql {
  GraphQL
  GraphQL Architecture
  REST Vs GraphQL
  GraphQL Schema
  Introspection Query
  GraphQL Vulnerabilities
  Pentesting Tools
  GraphQL in Action !!!
}
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
• Query – For retrieving data/results, similar to GET in REST.
• Mutation – For modifications, like POST/PUT/DELETE operations.
• Subscriptions – For events/realtime updates.

GraphQL Schema
Query (Type) - READ
Mutations (Type) - WRITE
Subscriptions (Type) - EVENTS
Change the POST request into a GET request. Append the payload to the endpoint URL from the links below:
https://pastebin.com/QyNaXVKg
https://pastebin.com/dFdsTaDQ
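The two slides above describe the three root operation types and the habit of resending a GraphQL document over GET. From the defender's side, both come down to the same question: what operation type is this request, and does the verb and content fit it? The following is an added example, not code from the deck or its author. It assumes each request is available as a (method, body) pair, as an API gateway log might record it, classifies the operation with a regex heuristic (it is not a full GraphQL parser, so exotic documents fall back to "unknown"), and flags mutations arriving over GET and introspection queries (`__schema`, `__type`) reaching a production endpoint. The sample requests are constructed.

```python
"""Classify GraphQL requests by root operation type and flag risky combinations.

Added example for the GraphQL schema / introspection slides; not from the deck.
Heuristic: the operation keyword is read from the start of the document, so
this is a triage aid for gateway logs, not a replacement for schema validation.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Operation keyword at the very start of a (comment-stripped) document.
_OP_RE = re.compile(r"^(query|mutation|subscription)\b", re.IGNORECASE)
# Introspection root fields; "__typename" is deliberately not matched.
_INTROSPECTION_RE = re.compile(r"\b__(schema|type)\b")


def _strip_comments(document: str) -> str:
    """Drop GraphQL line comments (# ...) so they cannot hide the keyword."""
    return "\n".join(line.split("#", 1)[0] for line in document.splitlines())


def operation_type(document: str) -> str:
    """Return 'query', 'mutation', 'subscription' or 'unknown'."""
    stripped = _strip_comments(document).lstrip()
    match = _OP_RE.match(stripped)
    if match:
        return match.group(1).lower()
    if stripped.startswith("{"):
        return "query"  # anonymous shorthand query
    return "unknown"


@dataclass
class Finding:
    method: str
    operation: str
    introspection: bool
    issues: List[str] = field(default_factory=list)


def review_request(method: str, document: str, production: bool = True) -> Finding:
    """Classify one request and list the policy issues it raises."""
    op = operation_type(document)
    introspection = bool(_INTROSPECTION_RE.search(document))
    issues: List[str] = []
    if op == "mutation" and method.upper() == "GET":
        # A state change on a cacheable, link-triggerable verb: reject at the gateway.
        issues.append("mutation-over-GET")
    if introspection and production:
        # Introspection is a development convenience; production should disable it.
        issues.append("introspection-in-production")
    if op == "unknown":
        issues.append("unparseable-operation")
    return Finding(method.upper(), op, introspection, issues)


def triage(requests: List[Tuple[str, str]], production: bool = True) -> Dict[str, int]:
    """Count each issue across a batch of (method, document) pairs."""
    counts: Dict[str, int] = {}
    for method, document in requests:
        for issue in review_request(method, document, production).issues:
            counts[issue] = counts.get(issue, 0) + 1
    return counts


# Constructed sample traffic, shaped like a gateway log of (method, body).
SAMPLE_REQUESTS: List[Tuple[str, str]] = [
    ("POST", "{ me { id name } }"),
    ("GET", "query Users { users { id } }"),
    ("GET", "mutation { deleteUser(id: 7) { ok } }"),
    ("POST", "query IntrospectionQuery { __schema { types { name } } }"),
    ("POST", "# health check\nquery { status }"),
    ("POST", "fragment F on User { id }"),
]

if __name__ == "__main__":
    for method, body in SAMPLE_REQUESTS:
        print(review_request(method, body))
    print(triage(SAMPLE_REQUESTS))
```

Run over the constructed batch, the triage counts one mutation sent over GET, one introspection query against production, and one document the heuristic cannot classify; the last category is worth surfacing rather than silently allowing, since an operation the gateway cannot classify is exactly the one it cannot apply per-type limits to.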
GraphQL Vulnerabilities:
• SQL Injection
• NoSQL Injection
• Access control related issues
• Mass Assignment
• IDOR
• Bypassing 2FA / brute-force attacks
• DoS attacks, etc.