YoVDO

Damn GraphQL - Attacking and Defending APIs

Offered By: NorthSec via YouTube

Tags

NorthSec Courses GraphQL Courses Information Gathering Courses API Security Courses Injection Attacks Courses Security Testing Courses

Course Description

Overview

Explore GraphQL security in this NorthSec conference talk. Gain insights into attacking and defending GraphQL APIs, a REST alternative. Learn GraphQL basics, attack vectors, and defense strategies. Discover the Damn Vulnerable GraphQL Application (DVGA) for safe testing. Dive into topics like introspection, query batching, circular queries, and field duplication. Understand the challenges of securing new technologies and the importance of balancing adoption with security. Benefit from the speaker's extensive experience in Fintech and cybersecurity as you prepare for GraphQL's increasing presence in corporate networks.

Syllabus

Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL


Taught by

NorthSec

Related Courses

Exploring GraphQL: A Query Language for APIs
Linux Foundation via edX Complete React Developer (w/ Redux, Hooks, GraphQL)
Udemy Python Bootcamp: Learn, Code, Build
Udemy The Modern GraphQL Bootcamp (with Node.js and Apollo)
Udemy The complete NestJS developer. Enterprise Node.js framework
Udemy