Short Course

Pentesting GraphQL APIs

Acquire hands-on skills needed for pentesting and hardening your GraphQL APIs

4.0

from 5+ reviews

8 Hours of video content

Intermediate

Certificate of Completion Included

Check out Subscription Plans

Overview What You Will Learn Curriculum Instructor

Course Overview

As GraphQL gains popularity as an alternative to REST for building APIs, it brings forth a new realm of both opportunities and challenges. While GraphQL offers performance benefits and simplifies frontend-backend interactions, it introduces a unique set of vulnerabilities that attackers can exploit. This course is designed to provide developers, security professionals, and API testers with the skills needed to assess and secure GraphQL APIs effectively.

Through a series of hands-on labs and practical exercises, participants will learn how to approach GraphQL API security from an attacker's perspective. The course covers the identification and exploitation of vulnerabilities, along with implementing secure coding practices to mitigate risks.

As we move on through the course, you will be well-prepared to conduct thorough security assessments on GraphQL APIs. You will have the knowledge and confidence to identify vulnerabilities and implement security best practices when testing and deploying GraphQL APIs, safeguarding your applications against emerging security threats.

By the end of the course, you would have gained a comprehensive understanding of GraphQL security and enhanceg your ability to develop, test, and maintain secure GraphQL APIs.

What You Will Learn

Familiarize with GraphQL and how to use it to create an API
Familiarize with common vulnerabilities that exist in GraphQL APIs
Understand about the tools and process to set them up for scanning
discovery
reconnaissance and exploitation of GraphQL APIs
Understand about baseline approaches to fixing a vulnerable GraphQL API
Learn on how to document your findings in a Pentest Report

Program Curriculum

What’s GraphQL?
Setting up GraphiQL IDE
Queries and Mutation
Schemas and Types
Validation and Execution
Introspection of GraphQL APIs
GraphQL Servers and Clients in Production
$3.5 Million Cybersecurity Scholarship by EC-Council
Chapter 1 Quiz

About OWASP
Common Vulnerabilities in APIs
OWASP’s Testing GraphQL Project
Setting up your GraphQL Project
Chapter 2 Quiz

Introduction
Installing GraphQL IDE
Installing Graphw00f
Installing Burp Suite InQL Extension
Installing BatchQL
Installing GraphQL Cop
Installing Clairvoyance
Installing Graphql-path-enum
Installing Nmap and Commix
Installing Eyewitness
GraphQL Voyager
Chapter 3 Quiz

Introduction
Scanning to Detect GraphQL Using Nmap
Scanning to Detect GraphQL Explorer and GraphQL Playground Using Eyewitness
Introspection Using Clairvoyance and Graphql-path-enum
Using GraphQL Voyager to Visualize Introspection
Fingerprinting GraphQL with Graphw00f
Security Best Practices to Make Reconnaissance Harder
Chapter 4 Quiz

Authentication and Authorization Bypass
Batching Attacks
Brute Force Attacks
Circular Queries
Alias and Directive Overloading
Performing Audit Using GraphQL COP
Exploiting Field Duplication
Security Best Practices to Prevent Brute Force, Batching, and DOS-related Attacks
Chapter 5 Quiz

Injection Attacks
SQL Injection with Burp Suite and InQL
Performing XSS Attacks
Security Best Practices to Prevent Injection Attacks
Chapter 6 Quiz

Cross-Site Request Forgery (CSRF) Attacks
Server-Side Request Forgery (SSRF) Attacks
Finding and Hijacking Subscription Operations
Security Best Practices to Prevent Forgery and Hijack Attacks
Review
Chapter 7 Quiz

Writing Your Pentest Report
Review of Disclosed GraphQL Exploits
What’s Next? (Recommending C|ASE Java)

Load more modules

Instructor

Teni Omole

Teni Omole is a seasoned security professional with over a decade of experience in designing, securing, and testing computer systems for diverse industries including banking, fintech, healthcare, and media. Currently serving as the CISO at Cognideck UK, a London-based consulting firm, Teni leads in safeguarding digital infrastructure. His role as a Software Engineer at Cognideck showcases proficiency in ISO standards, Azure DevOps, Python, Kubernetes, and more. Previously, at Linkedlist Technologies, Teni managed end-to-end projects, from WordPress websites to custom e-commerce solutions using Python Django. This period honed skills in Bootstrap, Django, and PHP. Earlier, as the founder of Semtec Technologies, he conceptualized, developed, and marketed School Management Software, highlighting strengths in HTML, CSS, JavaScript, PHP, and MySQL. Teni's journey underscores a trajectory of expertise, spanning entrepreneurship, project management, and cybersecurity. His rich skill set and adaptability across languages and frameworks define him as a dynamic professional in the realm of technology and security.

Buy this course now

$99.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 700+ courses and 50+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

^$ 499.00

Billed annually or $59.00 billed monthly

Get Started Now

Start your 7-day trial for $1

What is included

700+ Premium Short Courses
50+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

^$ 599.00

Billed annually or $69.00 billed monthly

Get Started Now

Start your 7-day trial for $1

Everything in Pro and

800+ Practice Lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Practice Labs and Challenges added every month
3 Official EC-Council Essentials Certifications¹ (retails at $897!)
Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

15 Must Have Tools for Pentesters

Short Course

15 Must Have Tools for Pentesters

Vulnerability Assessment and Pentesting

Upgrade your penetration testing skillset by adopting the best tools available in the market!

Upgrade your penetration testing skillset by adopting the bes...

$59.99

Intermediate

9 hr 15 m

Hello
Kali for Penetration Testers

Short Course

Kali for Penetration Testers

Vulnerability Assessment and Pentesting

Ethical Hacking with Kali Linux

Ethical Hacking with Kali Linux

$69.99

Beginner

6 hr 49 m

Hello
Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Short Course

Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Vulnerability Assessment and Pentesting

The comprehensive course to secure & crack WEP/WPA/WPA2 key and perform MITM attack from scratch using Kali Linux 2.0.

The comprehensive course to secure & crack WEP/WPA/WPA2 k...

$69.99

Intermediate

5 hr 12 m

Hello
Getting Started with Bug Bounty Hunting

Short Course

Getting Started with Bug Bounty Hunting

Vulnerability Assessment and Pentesting

Perfect Guide for Making You a Noob to Pro Bug Hunter

Perfect Guide for Making You a Noob to Pro Bug Hunter

$79.99

Beginner

2 hr 45 m

Hello
Web Hacker’s Toolbox: Tools Used by Successful Hackers

Short Course

Web Hacker’s Toolbox: Tools Used by Successful Hackers

Vulnerability Assessment and Pentesting

Discover the Tools Used by Successful Hackers and Learn How to Use Them in Your Own Penetration Testing Projects

Discover the Tools Used by Successful Hackers and Learn How t...

$59.99

Intermediate

3 hr 4 m

Hello
Full-Stack Attacks on Modern Web Applications

Short Course

Full-Stack Attacks on Modern Web Applications

Vulnerability Assessment and Pentesting

Learn About HTTP Parameter Pollution, Subdomain Takeover, and Clickjacking

Learn About HTTP Parameter Pollution, Subdomain Takeover, and...

$59.99

Intermediate

0 hr 59 m

Hello
Learn Hacking Using Raspberry Pi from Scratch

Short Course

Learn Hacking Using Raspberry Pi from Scratch

Vulnerability Assessment and Pentesting

Improve your Ethical Hacking Skills by using your portable Raspberry Pi device for Penetration Testing/Security Auditing.

Improve your Ethical Hacking Skills by using your portable Ra...

$69.99

Beginner

8 hr 20 m

Hello
Digital Forensics for Pentesters - Hands-on Learning

Short Course

Digital Forensics for Pentesters - Hands-on Learning

Vulnerability Assessment and Pentesting

Detect and backtrack cyber criminals and hackers with digital forensics.

Detect and backtrack cyber criminals and hackers with digital...

$69.99

Beginner

5 hr 10 m

Hello