Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Pentesting GraphQL APIs
Search
Arun
July 17, 2020
Technology
0
190
Pentesting GraphQL APIs
Arun
July 17, 2020
Tweet
Share
More Decks by Arun
See All by Arun
Offensive-GraphQL-API-Exploitation
hehacks
1
290
OWASP DevSlop
hehacks
0
19
Android Pentesting For Beginners - RE & Static Code Analysis
hehacks
0
91
iOS Pentesting for Beginners
hehacks
1
25
Metasploit Database Usage
hehacks
0
19
Other Decks in Technology
See All in Technology
運用しているアプリケーションのDBのリプレイスをやってみた
miura55
1
730
2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI
yoshiiryo1
1
370
7日間でハッキングをはじめる本をはじめてみませんか?_ITエンジニア本大賞2025
nomizone
2
1.8k
現場で役立つAPIデザイン
nagix
33
12k
オブザーバビリティの観点でみるAWS / AWS from observability perspective
ymotongpoo
8
1.5k
Culture Deck
optfit
0
420
デスクトップだけじゃないUbuntu
mtyshibata
0
120
AndroidデバイスにFTPサーバを建立する
e10dokup
0
250
あれは良かった、あれは苦労したB2B2C型SaaSの新規開発におけるCloud Spanner
hirohito1108
2
620
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
250
Developers Summit 2025 浅野卓也(13-B-7 LegalOn Technologies)
legalontechnologies
PRO
0
730
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
14
3.5k
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.5k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
960
GraphQLとの向き合い方2022年版
quramy
44
13k
Making Projects Easy
brettharned
116
6k
Faster Mobile Websites
deanohume
306
31k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
46
2.3k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Embracing the Ebb and Flow
colly
84
4.6k
Typedesign – Prime Four
hannesfritz
40
2.5k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Transcript
None
None
graphql { GraphQL GraphQL Architecture REST Vs GraphQL GraphQL Schema
Introspection Query GraphQL Vulnerabilities Pentesting Tools GraphQL in Action !!! }
None
None
None
None
None
Ref: https://bit.ly/3hLZNO7
Ref: https://bit.ly/3fBQSNk
None
None
• Query – For Retrieving data/Results, similar to GET in
REST. • Mutation – For Modifications Like POST/PUT/DELETE Operations. • Subscriptions – For Events/Realtime Updates. GraphQL Schema Subscriptions (Type) - EVENTS Mutations (Type) - WRITE Query (Type) - READ
None
None
Change the POST request into GET Request. Append the payload
on the Endpoint URL from below link https://pastebin.com/QyNaXVKg https://pastebin.com/dFdsTaDQ
None
SQL Injection NoSQL Injection Access Control Related Issues. Mass Assignment
IDOR Bypassing 2FA/BruteForce Attacks. DOS Attacks etc.,
None
None
None
None
None
None
None
None
None
hehacks
miura55
yoshiiryo1
nomizone
nagix
ymotongpoo
.png){kind=avatar}
optfit
mtyshibata
e10dokup
hirohito1108
oidfj
legalontechnologies
smiyawaki0820
geoffreycrofte
thoeni
tammyeverts
honnibal
quramy
brettharned
deanohume
vanstee
colly
hannesfritz
eileencodes
