GraphQL Security for Beginners

Want to try a GraphQL security challenge for yourself? Alex's Advanced Web Hacking course has a module dedicated to GraphQL. Try it for yourself here: https://www.tcm.rocks/awh-yt Sponsor a Video: https://www.tcm.rocks/Sponsors Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com GraphQL has revolutionized the way APIs are built, offering unparalleled flexibility with single-endpoint queries. But with this power comes potential risk! In this video, Alex dives deep into the world of GraphQL security, covering: - A primer on how GraphQL differs from traditional REST APIs - Key features attackers can exploit to extract sensitive data - Crafting complex queries that can lead to over-fetching information - The security risks of GraphQL introspection and why it's crucial to secure it Whether you're a developer looking to build secure GraphQL APIs or a pentester exploring potential vulnerabilities, this video will equip you with the knowledge you need to safeguard your GraphQL implementations. Have you checked out the GraphQL module in our Advanced Web Hacking course yet? Let us know in the comments below! Don't forget to like, subscribe, and hit the bell icon for more deep dives into web security and hacking techniques! #apisecurity #graphql #cybersecurity #hacking #infosec 📱Social Media📱 ___________________________________________ X: https://x.com/TCMSecurity Twitch: https://www.twitch.tv/thecybermentor Instagram: https://www.instagram.com/tcmsecurity/ LinkedIn: https://www.linkedin.com/company/tcm-security-inc/ TikTok: https://www.tiktok.com/@tcmsecurity Discord: https://discord.gg/tcm Facebook: https://www.facebook.com/tcmsecure Timestamps: 00:00 Introduction to GraphQL 00:28 What is GraphQL? 02:25 Sponsor message 02:51 GraphQL code 07:00 Introspection and Information Disclosure 13:02 Outro 💸Donate💸 __________________________________