Damn GraphQL - Attacking and Defending APIs
Offered By: NorthSec via YouTube
Course Description
Overview
Explore GraphQL security in this NorthSec conference talk on attacking and defending GraphQL APIs, an alternative to REST. Learn GraphQL basics, attack vectors, and defense strategies. Discover the Damn Vulnerable GraphQL Application (DVGA) for safe, hands-on testing. Dive into topics such as introspection, query batching, circular queries, and field duplication. Understand the challenges of securing new technologies and the importance of balancing adoption with security. Benefit from the speaker's extensive experience in Fintech and cybersecurity as you prepare for GraphQL's increasing presence in corporate networks.
Syllabus
Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL
Taught by
NorthSec
Related Courses
I Am Become Loadbalancer, Owner of Your Network (NorthSec via YouTube)
The Risks of RDP and How to Mitigate Them (NorthSec via YouTube)
Authentication Challenges in SaaS Integration and Cloud Transformation (NorthSec via YouTube)
Building CANtact Pro - An Open Source CAN Bus Tool (NorthSec via YouTube)
Unmasking the Chameleons of the Criminal Underground (NorthSec via YouTube)