GraphQL API Security Testing
GraphQL Penetration Testing Resources
Books
GraphQL BlackHat Book
Cheat Sheets and Guides
OWASP GraphQL Cheat Sheet: Link
HackTricks GraphQL by Carlos Polop: Link
API Security Empire by Momen Eldawakhly: Link
Doyensec's "GraphQL—Security Overview" by Paolo Stagno: Link
YesWeHack's "How to Exploit GraphQL Endpoint": Link
0xn3va’s "GraphQL Vulnerabilities" Cheat Sheet: Link
Practice Labs
TryHackMe GraphQL Security Room: TryHackMe
AttackDefense GraphQL Labs: AttackDefense
GraphQL Security 101 by David3107: GitHub
HackMeGraph by 0xbigshaq: GitHub
poc-graphql by Righettod: GitHub
Videos
"Finding Your Next Bug: GraphQL" by Katie Paxton-Fear: YouTube
"GraphQL API Testing" by Arun S.: YouTube
"Hacking GraphQL for Beginners" by Farah Hawa: YouTube
"Abusing GraphQL Infrastructure" by Matt Szymanski: YouTube
"Introduction to GraphQL Security" by Christina Hastenrath: YouTube
"Damn GraphQL: Defending and Attacking APIs" by Dolev Farhi: YouTube
"Access Control Vulnerabilities in GraphQL APIs" by Nikita Stupin: YouTube
"GraphQL APIs from a Bug Hunter's Perspective" by Nikita Stupin: YouTube