2019-035-Matt_szymanski-attack and defense of GraphQL-Part1
BrakeSec Education Podcast
English - October 02, 2019 18:38 - 42 minutes - 34 MB - ★★★★★ - 98 ratings
Derbycon Discussion (bring Matt in)
Python course:
https://brakesec.com/brakesecpythonclass
PDF Slides: https://drive.google.com/file/d/1wmxrfgbaHu56kfccLoOd5M3Zz6bNP6Qi/view?usp=sharing
GraphQL High Level
Designed to replace the REST architecture
Allows a client to fetch a large amount of data in a single request, using a query language
Released by Facebook in 2012
Responses are returned as JSON
Learn Enough to be dangerous
https://blog.bitsrc.io/13-graphql-tools-and-libraries-you-should-know-in-2019-e4b9005f6fc2
WSDL: https://www.w3.org/TR/2001/NOTE-wsdl-20010315
Vulns in the Wild
Abusing GraphQL
OWASP Deserialization Cheat Sheet - https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
Attack Techniques
https://www.apollographql.com/docs/apollo-server/data/data/
https://github.com/graphql/graphiql
Protecting GraphQL
https://github.com/maticzav/graphql-shield
Magento 2 (runs GraphQL), hard to update…
https://github.com/szski/shapeshifter - Matt's tool, Shapeshifter
GraphQL implementations inside (ecosystem packages?)
Infosec Campout 2020 occurring (28-29 Aug 2020, Carnation, WA)
Patreon supporters (Josh P and David G)
Teepub: https://www.teepublic.com/user/bdspodcast
For Amanda next:
https://www.cybercareersummit.com/
& keynote @grrcon oct 24/25
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec