Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

REST in Peace - Abusing GraphQL to Attack Underlying Infrastructure

Bugcrowd via YouTube

Overview

Explore the security implications of GraphQL APIs in this conference talk from Bugcrowd's LevelUp 0x05 event. Learn about the potential vulnerabilities in GraphQL implementations and how attackers can exploit them to target underlying infrastructure. Gain insights into GraphQL-specific attack techniques, adapted traditional methods, and strategies for efficiently testing large GraphQL schemas. Discover how to leverage introspection queries, identify implementation errors, and navigate challenges when introspection is disabled. Examine real-world examples, understand protective measures, and get introduced to new tools for streamlining GraphQL security assessments. Equip yourself with the knowledge to approach GraphQL from a hacker's perspective and conduct thorough security evaluations of this increasingly popular API technology.

Syllabus

Intro
GraphQL
GraphQL Schema
GraphQL introspection queries
GraphQL endpoints
GraphQL bloopers
How to attack GraphQL
What to do if introspection is disabled
Attack techniques
Protecting GraphQL
ShapeShifter
Questions
Understanding GraphQL
Hacker 101
Realworld example
What is GraphQL

Taught by

Bugcrowd

Reviews

Start your review of REST in Peace - Abusing GraphQL to Attack Underlying Infrastructure

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.