EPISODE · Oct 2, 2019 · 42 MIN
2019-035-Matt_szymanski-attack and defense of GraphQL-Part1
from BrakeSec Education Podcast
Show notes:

Derbycon Discussion (bring Matt in)
Python course: https://brakesec.com/brakesecpythonclass
PDF Slides: https://drive.google.com/file/d/1wmxrfgbaHu56kfccLoOd5M3Zz6bNP6Qi/view?usp=sharing

GraphQL High Level: https://graphql.org/
  Designed to replace REST architecture
  Allows you to make a large request; uses a query language
  Released by FB in 2012
  JSON

Learn Enough to be Dangerous: https://blog.bitsrc.io/13-graphql-tools-and-libraries-you-should-know-in-2019-e4b9005f6fc2
WSDL: https://www.w3.org/TR/2001/NOTE-wsdl-20010315

Vulns in the Wild
Abusing GraphQL
OWASP Deserialization Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html

Attack Techniques
  https://www.apollographql.com/docs/apollo-server/data/data/
  https://github.com/graphql/graphiql

Protecting GraphQL
  https://github.com/maticzav/graphql-shield
  Magento 2 (runs GraphQL), hard to update…
  https://github.com/szski/shapeshifter - Matt's tool on Shapeshifter
  GraphQL implementations inside (ecosystem packages?)

Infosec Campout 2020 occurring (28-29 Aug 2020, Carnation, WA)
Patreon supporters (Josh P and David G)
Teepub: https://www.teepublic.com/user/bdspodcast
For Amanda next: https://www.cybercareersummit.com/ & keynote @grrcon Oct 24/25
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel!
Send a request to @brakesec on Twitter or email [email protected]

#Brakesec Store: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec