Writing a GraphQL query

To fetch or modify information through a GraphQL API, you need to write a request in a formatted way that follows a set of rules: it needs to be a JSON object and it must match the structure of the API’s schema. Also, if GraphQL objects are the containers that give structure to the...

What are GraphQL types?

Every language needs a grammar. If GraphQL is the language you can use to talk to an API, the GraphQL type system gives you the grammar that will make sure your queries are properly formatted and understood. Just like a programming language, GraphQL relies on types to define and describe every element you will...

What is GraphQL?

GraphQL is a query language that you can use to interact with an API. GraphQL allows you to write your own queries that will bring back specifically the info you want from the GraphQL server’s database (within the boundaries of what the API provider wants you to see, which is defined in the schema)....

What is OAuth 2.0?

As I was progressing along my API hacking learning path, OAuth 2.0 kept coming back as something I would have to get my head around at some point. Recently, I was testing an API in the scope of a Vulnerability Disclosure Program on Bugcrowd and OAuth was the authorization mechanism the API was using....

ParaBank walkthrough

So do you want to hack a bank with me? I knew you would… 😉 Let me introduce you to ParaBank, a deliberately vulnerable web application and API, developed by Parasoft, a vendor of automated testing tools. ParaBank is a pseudo online banking app that I recently came across thanks to Bas Dijskstra, who...

c{api}tal walkthrough

Here is a walkthrough of c{api}tal, a deliberately vulnerable web app and API built by the team at Checkmarx, an application security testing specialist. It was first publicly demonstrated at DEF CON 30 in August 2022, where it was used as the basis for a CTF contest (see the full story here). During that...

Scroll to top