GraphQL API Security Testing

GraphQL Penetration Testing Resources

Blogs

GraphQL: How It Works, Why It Beats REST, & Security RisksDeepStrike

Books

• GraphQL BlackHat Book

Cheat Sheets and Guides

• OWASP GraphQL Cheat Sheet: Link

• HackTricks GraphQL by Carlos Polop: Link

• API Security Empire by Momen Eldawakhly: Link

• Doyensec's "GraphQL—Security Overview" by Paolo Stagno: Link

• YesWeHack's "How to Exploit GraphQL Endpoint": Link

• 0xn3va’s "GraphQL Vulnerabilities" Cheat Sheet: Link

Practice Labs

• TryHackMe GraphQL Security Room: TryHackMe

• AttackDefense GraphQL Labs: AttackDefense

• GraphQL Security 101 by David3107: GitHub

• HackMeGraph by 0xbigshaq: GitHub

• poc-graphql by Righettod: GitHub

Videos

• "Finding Your Next Bug: GraphQL" by Katie Paxton-Fear: YouTube

• "GraphQL API Testing" by Arun S.: YouTube

• "Hacking GraphQL for Beginners" by Farah Hawa: YouTube

• "Abusing GraphQL Infrastructure" by Matt Szymanski: YouTube

• "Introduction to GraphQL Security" by Christina Hastenrath: YouTube

• "Damn GraphQL: Defending and Attacking APIs" by Dolev Farhi: YouTube

• "Access Control Vulnerabilities in GraphQL APIs" by Nikita Stupin: YouTube

• "GraphQL APIs from a Bug Hunter's Perspective" by Nikita Stupin: [YouTube](https