PRACTITIONER

GraphQL API vulnerabilities

This learning path explores common vulnerabilities associated with GraphQL APIs due to implementation and design flaws. You'll learn how to find GraphQL endpoints, bypass some common defenses, and exploit a range of GraphQL API vulnerabilities.

Contents


Finding GraphQL endpoints
Exploiting unsanitized arguments
Discovering schema information
Bypassing GraphQL introspection defenses
Bypassing rate limiting using aliases
GraphQL CSRF
Preventing GraphQL attacks
Preventing GraphQL brute-force attacks
Preventing CSRF over GraphQL