DOJO Details:
One Day Dojo held on March 19, 2024 (Tuesday).
Available as In-Person or On-Line Training
DOJO Abstract:
REST APIs have been the backbone of web apps for over a decade now, and they have treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query language for your API. But shifts in tech trends also bring another inevitability: new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps.
Burp Suite has been the de facto tool for Application Security professionals running DAST scans and penetration tests against web apps, and its amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point its library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.
DOJO Learning Objectives:
• Understand GraphQL and the shortcomings of modern pentesting tools
• See how our plugin solves this problem
• Learn how to use it for yourself to find vulnerabilities in your own web apps
About the Instructor: Jared Meit
Jared Meit, OSWE, has always had a passion for taking things apart, learning how they work, and forgetting how to put them back together. He was a professional software developer for 12 years before shifting his focus to Application Security 5 years ago. His dev experience allows him to create tools that developers will actually want to use.