Penetration testing, commonly known as pentesting, involves simulating a real attack on a server to assess its vulnerabilities against potential real-world attacks. While the primary goal is to emulate concrete threats, pentesting can extend beyond, offering insights into the potential consequences if confidential data were to fall into malicious hackers'
The hardest part when pentesting any system is undoubtedly answering the question: 💡How should we think of that? What is meant is "how outside-the-box thinking works?", and "how is a pentester meant to think outside the box?". Although tackling this question might seem like a near impossible task, but a
A Pentester is usually expected to be a higher than average user in terms of interaction with an endpoint. For that reason, I decided to add an intermediary step between "Discovery" and "Exploiting" called "Interaction." This article is part of the series "Pentesting GraphQL 101". 1. Pentesting GraphQL 101 Part
Recent statistics say that you have queried at least one GraphQL endpoint today. For me, as a Penetration tester, it is just a matter of concern, especially since high-quality Pentesting guides/articles are scarce online, which only signals that GraphQL security is still rudimentary. So I decided to start this