This chapter will guide you through the process of attacking the Damn Vulnerable GraphQL Application (DVGA) using the API hacking techniques we’ve covered so far. We’ll begin with active reconnaissance, transition to API analysis, and conclude by attempting various attacks against the application.

As you’ll see, there are some major differences between the RESTful APIs we’ve been working with throughout this book and GraphQL APIs. I will guide you through these differences and demonstrate how we can leverage the same hacking techniques by adapting them to GraphQL. In the process, you’ll get a sense of how you might apply ...