GraphQL

GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. It provides a complete and understandable description of the data in an API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.

Learning Reference

Primer

  1. PortSwigger Academy: https://portswigger.net/web-security/graphql (start with the basics first)

  2. Black Hat GraphQL by Nick Aleks, Dolev Farhi (Chapter 1)

Pentest Learning and Practice

  1. PortSwigger Academy GraphQL: the rest of the material

  2. Black Hat GraphQL: the remaining chapters

Application Understanding

  1. NetNinja: the rest of the videos on GraphQL
