#marketplace, .navbar, .container, .container-fluid, #media, #category, #ewards, #careers, .blueHeroSearchContainer, #photoHeroBanner, #etextbooks-page-2015, .slider-arrow, #books-page-2015, #my-account-wrapper-2015 {display:none;} .noscriptmsg p, .noscriptmsg h1 {color: #000;} body {background-color: #ccc !important; font-size: 14px; }

We're sorry, but eCampus.com doesn't work properly without JavaScript.

Either your device does not support JavaScript or you do not have JavaScript enabled.

How to enable JavaScript in your browser.

Need help? Call 1-855-252-4222

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Black Hat GraphQL Attacking Next Generation APIs

by Aleks, Nick; Farhi, Dolev; Chan, Opheliar

ISBN13: 9781718502840
ISBN10: 1718502842
eBook ISBN(s): 9781718502857
Format: Paperback
Copyright: 2023-05-23
Publisher: No Starch Press

Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
1. Black Hat GraphQL Attacking Next Generation APIs > ISBN13: 9781718502840

List Price: ~~$59.99~~ Save up to $24.00

Buy New
$59.93

Add to Cart Free Shipping

USUALLY SHIPS IN 3-5 BUSINESS DAYS

Digital
$35.99*

Rent Digital Options

DURATION

PRICE

Online: 1825 Days

Downloadable: Lifetime access - VitalSource

$35.99*

*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.

Summary

Written by hackers for hackers, this hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Following an introduction to core concepts, you’ll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries.

You’ll also learn how to:

Use data collection and target mapping to learn about targets
Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
Impersonate users and take admin-level actions on a remote server
Uncover injection-based vulnerabilities in servers, databases, and client browsers
Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies

This comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.

Author Biography

Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scale in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defenses for one of the fastest Fintech companies in North America. Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating and building CTF challenges and contributing exploits to Exploit-DB.

Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his own security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, University of Guelph, as well as George Brown's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing and has over 10 years of experience hacking everything from websites, safes, locks, cars, drones, and even smart buildings.

Foreword
Acknowledgments
Introduction
Chapter 1: A Primer on GraphQL
Chapter 2: Setting Up a GraphQL Security Lab
Chapter 3: The GraphQL Attack Surface
Chapter 4: Reconnaissance
Chapter 5: Denial of Service
Chapter 6: Information Disclosure
Chapter 7: Authentication and Authorization Bypasses
Chapter 8: Injection
Chapter 9: Request Forgery and Hijacking
Chapter 10: Disclosed Vulnerabilities and Exploits
Appendix A: GraphQL API Testing Checklist
Appendix B: GraphQL Security
Resources
Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rent More, Save More! Use code: ECRENTAL

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Black Hat GraphQL Attacking Next Generation APIs

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program