dolevf/Black-Hat-GraphQL

Black Hat GraphQL

Book files for Black Hat GraphQL.

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Buy the book from No Starch Press

Enjoy!


Errata

  • Page 83 Listing 4-14: grep command should be corrected to: grep -Hnio "graphiql\|graphql-playground" dvga-report/source/*
  • Page 112: The sentence "In DVGA, run the following query [...]" should read: "In Altair, run the following query [...]".
  • Page 177: The COOKIES variable value should read {"session":"session-secret"}

Notes

  • Due to changes in InQL, you may need to install the tool from its V4 branch; the latest version is 4.0.7.