Overview What You Will Learn Curriculum Instructor

Course Overview

As GraphQL gains popularity as an alternative to REST for building APIs, it brings forth a new realm of both opportunities and challenges. While GraphQL offers performance benefits and simplifies frontend-backend interactions, it introduces a unique set of vulnerabilities that attackers can exploit. This course is designed to provide developers, security professionals, and API testers with the skills needed to assess and secure GraphQL APIs effectively.

Through a series of hands-on labs and practical exercises, participants will learn how to approach GraphQL API security from an attacker's perspective. The course covers the identification and exploitation of vulnerabilities, along with implementing secure coding practices to mitigate risks.

As we move on through the course, you will be well-prepared to conduct thorough security assessments on GraphQL APIs. You will have the knowledge and confidence to identify vulnerabilities and implement security best practices when testing and deploying GraphQL APIs, safeguarding your applications against emerging security threats.

By the end of the course, you would have gained a comprehensive understanding of GraphQL security and enhanceg your ability to develop, test, and maintain secure GraphQL APIs.

What You Will Learn

  • Familiarize with GraphQL and how to use it to create an API
  • Familiarize with common vulnerabilities that exist in GraphQL APIs
  • Understand about the tools and process to set them up for scanning, discovery , reconnaissance and exploitation of GraphQL APIs
  • Understand about baseline approaches to fixing a vulnerable GraphQL API
  • Learn on how to document your findings in a Pentest Report

Program Curriculum

  • What’s GraphQL?
  • Setting up GraphiQL IDE
  • Queries and Mutation
  • Schemas and Types
  • Validation and Execution
  • Introspection of GraphQL APIs
  • GraphQL Servers and Clients in Production
  • $3.5 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • About OWASP
  • Common Vulnerabilities in APIs
  • OWASP’s Testing GraphQL Project
  • Setting up your GraphQL Project
  • Chapter 2 Quiz

  • Introduction
  • Installing GraphQL IDE
  • Installing Graphw00f
  • Installing Burp Suite InQL Extension
  • Installing BatchQL
  • Installing GraphQL Cop
  • Installing Clairvoyance
  • Installing Graphql-path-enum
  • Installing Nmap and Commix
  • Installing Eyewitness
  • GraphQL Voyager
  • Chapter 3 Quiz

  • Introduction
  • Scanning to Detect GraphQL Using Nmap
  • Scanning to Detect GraphQL Explorer and GraphQL Playground Using Eyewitness
  • Introspection Using Clairvoyance and Graphql-path-enum
  • Using GraphQL Voyager to Visualize Introspection
  • Fingerprinting GraphQL with Graphw00f
  • Security Best Practices to Make Reconnaissance Harder
  • Chapter 4 Quiz

  • Authentication and Authorization Bypass
  • Batching Attacks
  • Brute Force Attacks
  • Circular Queries
  • Alias and Directive Overloading
  • Performing Audit Using GraphQL COP
  • Exploiting Field Duplication
  • Security Best Practices to Prevent Brute Force, Batching, and DOS-related Attacks
  • Chapter 5 Quiz

  • Injection Attacks
  • SQL Injection with Burp Suite and InQL
  • Performing XSS Attacks
  • Security Best Practices to Prevent Injection Attacks
  • Chapter 6 Quiz

  • Cross-Site Request Forgery (CSRF) Attacks
  • Server-Side Request Forgery (SSRF) Attacks
  • Finding and Hijacking Subscription Operations
  • Security Best Practices to Prevent Forgery and Hijack Attacks
  • Review
  • Chapter 7 Quiz

  • Writing Your Pentest Report
  • Review of Disclosed GraphQL Exploits
  • What’s Next? (Recommending C|ASE Java)
Load more modules

Instructor

Teni Omole

Teni Omole is a seasoned security professional with over a decade of experience in designing, securing, and testing computer systems for diverse industries including banking, fintech, healthcare, and media. Currently serving as the CISO at Cognideck UK, a London-based consulting firm, Teni leads in safeguarding digital infrastructure. His role as a Software Engineer at Cognideck showcases proficiency in ISO standards, Azure DevOps, Python, Kubernetes, and more. Previously, at Linkedlist Technologies, Teni managed end-to-end projects, from WordPress websites to custom e-commerce solutions using Python Django. This period honed skills in Bootstrap, Django, and PHP. Earlier, as the founder of Semtec Technologies, he conceptualized, developed, and marketed School Management Software, highlighting strengths in HTML, CSS, JavaScript, PHP, and MySQL. Teni's journey underscores a trajectory of expertise, spanning entrepreneurship, project management, and cybersecurity. His rich skill set and adaptability across languages and frameworks define him as a dynamic professional in the realm of technology and security.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course
    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches
    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course
    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS
    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training
    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes
    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally
    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security
    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all