GraphQL API vulnerabilities

Contents

0 of 29

Finding GraphQL endpoints 0 of 6

Finding GraphQL endpoints APPRENTICE Get started

Universal queries APPRENTICE

Common endpoint names APPRENTICE

Common endpoint names - Continued APPRENTICE

Request methods APPRENTICE

Initial testing APPRENTICE

Exploiting unsanitized arguments 0 of 2

Exploiting unsanitized arguments APPRENTICE

Exploiting unsanitized arguments - Continued APPRENTICE

Discovering schema information 0 of 9

Discovering schema information APPRENTICE

Using introspection APPRENTICE

Probing for introspection APPRENTICE

Running a full introspection query APPRENTICE

Visualizing introspection results APPRENTICE

Suggestions APPRENTICE

Suggestions - Continued APPRENTICE

Lab: Accessing private GraphQL posts APPRENTICE

Lab: Accidental exposure of private GraphQL fields PRACTITIONER

Bypassing GraphQL introspection defenses 0 of 3

Bypassing GraphQL introspection defenses APPRENTICE

Bypassing GraphQL introspection defenses - Continued APPRENTICE

Lab: Finding a hidden GraphQL endpoint PRACTITIONER

Bypassing rate limiting using aliases 0 of 3

Bypassing rate limiting using aliases APPRENTICE

Bypassing rate limiting using aliases - Continued APPRENTICE

Lab: Bypassing GraphQL brute force protections PRACTITIONER

GraphQL CSRF 0 of 3

GraphQL CSRF APPRENTICE

How do CSRF over GraphQL vulnerabilities arise? APPRENTICE

Lab: Performing CSRF exploits over GraphQL PRACTITIONER

Preventing GraphQL attacks 0 of 1

Preventing GraphQL attacks APPRENTICE

Preventing GraphQL brute-force attacks 0 of 1

Preventing GraphQL brute force attacks APPRENTICE

Preventing CSRF over GraphQL 0 of 1

Preventing CSRF over GraphQL APPRENTICE