3,013
Posts
2,938
Threads
Retired
![[Image: 81yqMmHFQkL._SL1500_.jpg]](https://m.media-amazon.com/images/I/81yqMmHFQkL._SL1500_.jpg)
Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.
Following an introduction to core concepts, you’ll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries.
You’ll also learn how to:
Use data collection and target mapping to learn about targets
Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
Impersonate users and take admin-level actions on a remote server
Uncover injection-based vulnerabilities in servers, databases, and client browsers
Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies
Hidden Content
You must register or login to view this content.
 Until Further Notice I Am Retired
(20 days ago)Sauron Wrote:
Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.
Following an introduction to core concepts, you’ll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries.
You’ll also learn how to:
Use data collection and target mapping to learn about targets
Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
Impersonate users and take admin-level actions on a remote server
Uncover injection-based vulnerabilities in servers, databases, and client browsers
Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies
ty
|
