Nick Aleks: Black Hat GraphQL | Taschenbuch

Cover: 9781718502840 | Black Hat GraphQL | Attacking Next Generation APIs | Aleks (u. a.)

Dekorationsartikel gehören nicht zum Leistungsumfang.

Sprache: Englisch

42,20 €

inkl. MwSt.

Versandkostenfrei per Post / DHL

auf Lager, Lieferzeit 1-2 Werktage

Kategorien:

Beschreibung

Written by hackers for hackers, this hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Following an introduction to core concepts, you’ll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries.

You’ll also learn how to:

Use data collection and target mapping to learn about targets
Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
Impersonate users and take admin-level actions on a remote server
Uncover injection-based vulnerabilities in servers, databases, and client browsers
Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies

This comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.

Use data collection and target mapping to learn about targets
Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets
Impersonate users and take admin-level actions on a remote server
Uncover injection-based vulnerabilities in servers, databases, and client browsers
Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf
Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies

This comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.

Über den Autor

Nick Aleks and Dolev Farhi

Inhaltsverzeichnis

Foreword
Acknowledgments
Introduction
Chapter 1: A Primer on GraphQL
Chapter 2: Setting Up a GraphQL Security Lab
Chapter 3: The GraphQL Attack Surface
Chapter 4: Reconnaissance
Chapter 5: Denial of Service
Chapter 6: Information Disclosure
Chapter 7: Authentication and Authorization Bypasses
Chapter 8: Injection
Chapter 9: Request Forgery and Hijacking
Chapter 10: Disclosed Vulnerabilities and Exploits
Appendix A: GraphQL API Testing Checklist
Appendix B: GraphQL Security
Resources
Index

Erscheinungsjahr:	2023
Fachbereich:	Datenkommunikation, Netze & Mailboxen
Genre:	Importe , Informatik
Rubrik:	Naturwissenschaften & Technik
Medium:	Taschenbuch
Inhalt:	Einband - flex.(Paperback)
ISBN-13:	9781718502840
ISBN-10:	1718502842
Sprache:	Englisch
Einband:	Kartoniert / Broschiert
Autor:	Aleks, Nick Farhi, Dolev
Hersteller:	Random House LLC US No Starch Press
Verantwortliche Person für die EU:	Springer Fachmedien Wiesbaden GmbH, Postfach:15 46, D-65189 Wiesbaden, info@bod.de
Maße:	232 x 180 x 20 mm
Von/Mit:	Nick Aleks (u. a.)
Erscheinungsdatum:	23.05.2023
Gewicht:	0,594 kg