Overview
Explore GraphQL exploitation techniques focusing on secondary context attacks and business logic vulnerabilities in this 33-minute OWASP Foundation presentation. Dive into offensive security strategies discovered during real-world assessments, where GraphQL serves as a jumping-off point to access impactful API endpoints. Learn how these exploits can lead to significant security impacts including unauthorized data access, account modification capabilities, cross-tenancy failures, and Server-Side Request Forgery (SSRF). This offensively focused talk presents fresh material on GraphQL security vulnerabilities without rehashing existing exploitation discussions, making it essential viewing for security professionals interested in advanced GraphQL attack vectors.
Syllabus
GraphQL Exploitation: Secondary Context Attacks and Business Logic - Willis Vandevanter
Taught by
OWASP Foundation