Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Damn GraphQL - Attacking and Defending APIs

NorthSec via YouTube

Start learning Write review
Simplilearn Ad

Pass the PMP® Exam on Your First Try — Expert-Led Training

Learn More → Coursera Ad

AI, Data Science & Cloud Certificates from Google, IBM & Meta

Learn More →

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore GraphQL security in this NorthSec conference talk. Gain insights into attacking and defending GraphQL APIs, a REST alternative. Learn GraphQL basics, attack vectors, and defense strategies. Discover the Damn Vulnerable GraphQL Application (DVGA) for safe testing. Dive into topics like introspection, query batching, circular queries, and field duplication. Understand the challenges of securing new technologies and the importance of balancing adoption with security. Benefit from the speaker's extensive experience in Fintech and cybersecurity as you prepare for GraphQL's increasing presence in corporate networks.

Syllabus

Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL

Taught by

NorthSec

Reviews

Start your review of Damn GraphQL - Attacking and Defending APIs

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.