REST in Peace - Abusing GraphQL to Attack Underlying Infrastructure

Explore the security implications of GraphQL APIs in this conference talk from Bugcrowd's LevelUp 0x05 event. Learn about the potential vulnerabilities in GraphQL implementations and how attackers can exploit them to target underlying infrastructure. Gain insights into GraphQL-specific attack techniques, adapted traditional methods, and strategies for efficiently testing large GraphQL schemas. Discover how to leverage introspection queries, identify implementation errors, and navigate challenges when introspection is disabled. Examine real-world examples, understand protective measures, and get introduced to new tools for streamlining GraphQL security assessments. Equip yourself with the knowledge to approach GraphQL from a hacker's perspective and conduct thorough security evaluations of this increasingly popular API technology.