14 Attacking GraphQL

This chapter will guide you through the process of attacking the Damn Vulnerable GraphQL Application (DVGA) using the API hacking techniques we’ve covered so far. We’ll begin with active reconnaissance, transition to API analysis, and conclude by attempting various attacks against the application.

As you’ll see, there are some major differences between the RESTful APIs we’ve been working with throughout this book and GraphQL APIs. I will guide you through these differences and demonstrate how we can leverage the same hacking techniques by adapting them to GraphQL. In the process, you’ll get a sense of how you might apply ...

Get Hacking APIs now with the O’Reilly learning platform.
