Null offensive hacking hands-on training.
Proposed sessions for this event:
- Understanding and querying GraphQL apps by Maulik Lakhani
- GraphQL attacking methodology - Part 1 by Maulik Lakhani
- GraphQL attacking methodology - Part 2 by Maulik Lakhani
- Mitigating GraphQL vulnerabilities and secure coding best practices by Maulik Lakhani
Attacking and Securing GraphQL Applications
Technicalities, Vulnerabilities, and Defense Strategies
Overview
This Null Humla session provides a detailed understanding of GraphQL vulnerabilities and teaches the skills needed to protect a GraphQL instance against common attacks.
Target Audience
- Penetration Testers with web app and API security skills
- Application Security Engineers
- Developers building apps using GraphQL
This intermediate-level workshop is NOT suitable for beginners or GraphQL experts. The ideal attendees should have basic skills in:
- Web application penetration testing
- API penetration testing
Developers using GraphQL in their applications are also encouraged to join.
Agenda and Outcome
We will start by exploring the technical aspects of GraphQL, comparing it with traditional REST APIs, and highlighting its core functionalities. The session covers GraphQL security testing methodologies, including schema introspection, broken authorization, privilege escalation, and DoS attacks.
Participants will learn how to replace vulnerable code with secure alternatives, implement secure coding practices, limit query batching, and enhance overall security.
Prerequisites
Ensure the following tools are installed and pre-configured before the session:
- Burp Suite Community or Professional and Postman Desktop
- Docker Desktop or Rancher Desktop
- Python IDE (e.g., PyCharm, Cursor)
- Basic knowledge of Python Flask or FastAPI
Note: Burp Suite's CA certificate should be installed in your system's trusted CA store so that intercepted HTTPS traffic is accepted by your browser and Postman.
Detail | Value |
---|---|
Date | Sunday, September 29, 2024 |
Chapter | Bangalore |
Registrations | 53 |
Max Registrations | 60 |
Event Type | Invite Only |
Start Time | 09:30 AM |
End Time | 04:30 PM |
Session Schedule
Name | Speaker | Start Time | End Time | Resources |
---|---|---|---|---|
Understanding and querying GraphQL apps | Maulik Lakhani | 09:30 AM | 11:30 AM | |
Break | | 11:30 AM | 11:45 AM | |
GraphQL attacking methodology - Part 1 | Maulik Lakhani | 11:45 AM | 12:30 PM | |
Lunch | | 12:30 PM | 01:15 PM | |
GraphQL attacking methodology - Part 2 | Maulik Lakhani | 01:15 PM | 03:00 PM | |
Break | | 03:00 PM | 03:15 PM | |
Mitigating GraphQL vulnerabilities and secure coding best practices | Maulik Lakhani | 03:15 PM | 04:30 PM | |