REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure (LevelUp 0x05)
by Matt Szymanski
Matt on Twitter: / rvrshell
More Videos on Bugcrowd University: https://www.bugcrowd.com/hackers/bugc...

"GraphQL is a query language for APIs set to replace RESTful architecture. The use of this technology has achieved rapid adoption and is now leveraged by companies such as GitHub, Credit Karma, and PayPal. Despite its popularity, this new approach to building APIs can leave organizations at risk. While it solves real-world problems, proper implementation is left up to developers who often don't fully understand how to secure their API. Security best practices are easily overlooked, and rushed development can leave cracks in the armor. These issues create a new attack surface for us to explore as well as new ways to exploit underlying infrastructure and code. From Queries and Mutations to Types and Fields, properly attacking a target requires that you understand it. We will learn enough about GraphQL to be dangerous. Demonstrate how to use the technology's intricacies against itself while taking advantage of implementation errors and misconfigurations. Examine GraphQL-specific attacks as well as tried and true techniques adapted to fit into the GraphQL context. Then walk through how to carry out these attacks efficiently and effectively."

"However, from a hacker's point of view, this also presents new challenges. GraphQL Schemas can be very large and testing them can be a very time-consuming, manual process. Lack of foundational knowledge adds complexity to the testing process, while current tooling to launch and automate attacks is lacking. Then walk through how to carry out these attacks efficiently and effectively, introducing a new tool to help automate and streamline the process. Attacking GraphQL requires understanding and tooling to properly execute. We will demo how to use the technology's intricacies against itself while taking advantage of implementation errors and misconfigurations. Examine attacks and workflows using tooling adapted to fit into the GraphQL context."