Written by hackers for hackers this hands-on book teaches penetration testers how to identify
vulnerabilities in apps that use GraphQL a data query and manipulation language for APIs
adopted by major companies like Facebook and GitHub. Black Hat GraphQL is for anyone
interested in learning how to break and protect GraphQL APIs with the aid of offensive security
testing. Whether you’re a penetration tester security analyst or software engineer you’ll
learn how to attack GraphQL APIs develop hardening procedures build automated security
testing into your development pipeline and validate controls all with no prior exposure to
GraphQL required. Following an introduction to core concepts you’ll build your lab explore
the difference between GraphQL and REST APIs run your first query and learn how to create
custom queries. You’ll also learn how to: Use data collection and target mapping to learn
about targets Defend APIs against denial-of-service attacks and exploit insecure
configurations in GraphQL servers to gather information on hardened targets Impersonate users
and take admin-level actions on a remote server Uncover injection-based vulnerabilities in
servers databases and client browsers Exploit cross-site and server-side request forgery
vulnerabilities as well as cross-site WebSocket hijacking to force a server to request
sensitive information on your behalf Dissect vulnerability disclosure reports and review
exploit code to reveal how vulnerabilities have impacted large companies This comprehensive
resource provides everything you need to defend GraphQL APIs and build secure applications.
Think of it as your umbrella in a lightning storm.
