Overview
This course focuses on attacking and defending APIs, specifically GraphQL. The learning outcomes include understanding GraphQL basics and identifying and defending against attack vectors such as information gathering, denial of service, and injections. The course also introduces the Damn Vulnerable GraphQL Application (DVGA) for hands-on learning. The intended audience is security professionals looking to enhance their knowledge of GraphQL security testing and defense strategies. The teaching method includes a talk by a security engineer with extensive experience in the field.
Syllabus
Intro
Schema
Mutations
Just GraphQL things
Introspection
Field Suggestions
Query Batching
Query Aliasing
Circular Queries
Operation Name Tampering
Field Duplication
Summary
About the Vulnerability
About the Exploit
Like DVWA, but for GraphQL
Taught by
NorthSec