GraphQL Security for Beginners

Описание: Want to try a GraphQL security challenge for yourself? Alex's Advanced Web Hacking course has a module dedicated to GraphQL. Try it for yourself here: https://www.tcm.rocks/awh-yt

Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com

GraphQL has revolutionized the way APIs are built, offering unparalleled flexibility with single-endpoint queries. But with this power comes potential risk! In this video, Alex dives deep into the world of GraphQL security, covering:

A primer on how GraphQL differs from traditional REST APIs
Key features attackers can exploit to extract sensitive data
Crafting complex queries that can lead to over-fetching information
The security risks of GraphQL introspection and why it's crucial to secure it

Whether you're a developer looking to build secure GraphQL APIs or a pentester exploring potential vulnerabilities, this video will equip you with the knowledge you need to safeguard your GraphQL implementations.

Have you checked out the GraphQL module in our Advanced Web Hacking course yet? Let us know in the comments below!

Don't forget to like, subscribe, and hit the bell icon for more deep dives into web security and hacking techniques!

#apisecurity #graphql #cybersecurity #hacking #infosec

📱Social Media📱
___________________________________________
X: https://x.com/TCMSecurity
Twitch:   / thecybermentor  
Instagram:   / tcmsecurity  
LinkedIn:   / tcm-security-inc  
TikTok:   / tcmsecurity  
Discord:   / discord  
Facebook:   / tcmsecure  

Timestamps:
00:00 Introduction to GraphQL
00:28 What is GraphQL?
02:25 Sponsor message
02:51 GraphQL code
07:00 Introspection and Information Disclosure
13:02 Outro

💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
  / thecybermentor  
Support the stream (one-time): https://streamlabs.com/thecybermentor

Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk

My Build:
lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu

My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgate Stream Deck: https://amzn.to/2OlchA5

*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.