REST in Peace - Abusing GraphQL to Attack Underlying Infrastructure

via YouTube

Overview

Explore a conference talk that delves into the potential security vulnerabilities of GraphQL and how attackers can exploit them to target underlying infrastructure. Learn about the cons of GraphQL, including increased complexity and documentation challenges. Discover new attack methodologies, such as object reference attacks and mutations. Gain insights into debugging techniques, API vulnerabilities, and the importance of query cost analysis. Understand how hackers leverage GraphQL's features to their advantage and explore tools like AWS Security Toolkit and GraphQL Verb Extension. Examine real-world examples and common problems in software development related to GraphQL security.

Syllabus

Intro
Agenda
What is GraphQL
Cons of GraphQL
Increased Complexity
Documentation
Motivation
New Attack Methodology
How to Get
Validation
Object Reference Attacks
Mutations
New Data
Debug Mode
GARP
Rust API
Hackers get paid
A typical problem in software development
API mightyfall
Find the Endpoints
Make Requests
Debugging Data
Voyager
Fluent Leverage
Query
Mutation
Authorization
Thread Messages
The Real Problem
Query Cost Analysis
AWS Security Toolkit
GraphQL Verb Extension
Sequel Map
Do you have time
