The Black Hat GraphQL Book Repository
https://github.com/dolevf/black-hat-graphql

book graphql hacking nostarchpress penetration-testing


# Black Hat GraphQL
Book files for **Black Hat GraphQL**.

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Buy the book from No Starch Press

Enjoy!

***

## Errata
* Page 83 Listing 4-14: `grep` command should be corrected to: `grep -Hnio "graphiql\|graphql-playground" dvga-report/source/*`
* Page 112: The sentence "_In DVGA, run the following query [...]_" should read: "_In **Altair**, run the following query [...]_".
* Page 177: The `COOKIES` variable value should read `{"session":"session-secret"}`

## Notes
* Due to changes in InQL, you may need to install the tool from its V4 branch, the latest version being [4.0.7](https://github.com/doyensec/inql/releases/tag/v4.0.7)