Damn GraphQL - Attacking and Defending APIs

Offered By: NorthSec via YouTube

Tags

NorthSec Courses, GraphQL Courses, Information Gathering Courses, API Security Courses, Injection Attacks Courses, Security Testing Courses

Course Description

Overview

Explore GraphQL security in this NorthSec conference talk. Gain insights into attacking and defending GraphQL APIs, a REST alternative. Learn GraphQL basics, attack vectors, and defense strategies. Discover the Damn Vulnerable GraphQL Application (DVGA) for safe testing. Dive into topics like introspection, query batching, circular queries, and field duplication. Understand the challenges of securing new technologies and the importance of balancing adoption with security. Benefit from the speaker's extensive experience in Fintech and cybersecurity as you prepare for GraphQL's increasing presence in corporate networks.

Syllabus

Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL


Taught by

NorthSec
