| Index | Section |
|---|---|
| 1 | About the attack |
| 2 | References |

Pentesting GraphQL may look hard if you are not familiar with it, but there is still a lot to explore and exploit once you understand how it works. Today is all about further reading and some good resources.

- https://security-simplified.com/blog/NDY/graphql-penetration-testing
- https://www.youtube.com/watch?v=Wb0BO8J7024
- https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/
- https://threatninja.net/tutorial-on-graphql-injection/
- https://labs.bishopfox.com/tech-blog/design-considerations-for-secure-graphql-apis
- https://hackerone.com/reports/885539
- https://hackerone.com/reports/645299
- https://hackerone.com/reports/419883
- https://hackerone.com/reports/614355
- https://hackerone.com/reports/633001
- https://hackerone.com/reports/489146
- https://hackerone.com/reports/608656
- https://hackerone.com/reports/423388
- https://hackerone.com/reports/707433
- https://hackerone.com/reports/417170
- https://hackerone.com/reports/800231
- https://hackerone.com/reports/924914
- https://hackerone.com/reports/898528
- https://hackerone.com/reports/978143
- https://hackerone.com/reports/715192