Welcome to Diana Initiative 2020 Virtual Conference.
For more information, please see our web site here :
Friday, August 21 • 12:00pm - 12:45pm
Offensive GraphQL API Exploitation

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Nowadays, the GraphQL technology is used by some of the big tech giants like Facebook, GitHub, Pinterest, Twitter, HackerOne. The main reason behind that is that GraphQL gives enormous power to clients.
But, with great power come great responsibilities. Since developers are in charge of implementing access control and other security measures, applications are prone to classical web application vulnerabilities like Broken Access Controls, Insecure Direct Object References, Cross Site Scripting (XSS) and Classic Injection Bugs. This talk will be explaining the common security impacts faced while using the Graphql APIs and how an attacker makes use of it to attack the underlying infrastructure and ex-filtrate sensitive data from an organisation.

avatar for Arun S

Arun S

Lead security consultant, Ibm
Arun works as a Senior Security Consultant @ IBM India Software Labs, with more than 6 years of experience. He is a chapter leader for the null open source security community in Bangalore,  also conducted training and workshops at c0c0n and BSides Delhi security conferences.Arun... Read More →

Friday August 21, 2020 12:00pm - 12:45pm PDT
Red Team Village Booth