Ctrlk

GraphQL API Security Testing

GraphQL Penetration Testing Resources

Blogs

GraphQL: How It Works, Why It Beats REST, & Security RisksDeepStrike

Books

GraphQL BlackHat Book

Cheat Sheets and Guides

OWASP GraphQL Cheat Sheet: Link
HackTricks GraphQL by Carlos Polop: Link
API Security Empire by Momen Eldawakhly: Link
Doyensec's "GraphQL—Security Overview" by Paolo Stagno: Link
YesWeHack's "How to Exploit GraphQL Endpoint": Link
0xn3va’s "GraphQL Vulnerabilities" Cheat Sheet: Link

Practice Labs

TryHackMe GraphQL Security Room: TryHackMe
AttackDefense GraphQL Labs: AttackDefense
GraphQL Security 101 by David3107: GitHub
HackMeGraph by 0xbigshaq: GitHub
poc-graphql by Righettod: GitHub

Videos

"Finding Your Next Bug: GraphQL" by Katie Paxton-Fear: YouTube
"GraphQL API Testing" by Arun S.: YouTube
"Hacking GraphQL for Beginners" by Farah Hawa: YouTube
"Abusing GraphQL Infrastructure" by Matt Szymanski: YouTube
"Introduction to GraphQL Security" by Christina Hastenrath: YouTube
"Damn GraphQL: Defending and Attacking APIs" by Dolev Farhi: YouTube
"Access Control Vulnerabilities in GraphQL APIs" by Nikita Stupin: YouTube
"GraphQL APIs from a Bug Hunter's Perspective" by Nikita Stupin: [YouTube](https

PreviousAPI-Sec NextThe Basics

Last updated 8 months ago

Was this helpful?