Pentesting Different types of penetration testing Penetration testing, commonly known as pentesting, involves simulating a real attack on a server to assess its vulnerabilities against potential real-world attacks. While the primary goal is to emulate concrete threats, pentesting can extend beyond, offering insights into the potential consequences if confidential data were to fall into malicious hackers'
Pentesting Thinking outside the box when pentesting GraphQL The hardest part when pentesting any system is undoubtedly answering the question: 💡How should we think of that? What is meant is "how outside-the-box thinking works?", and "how is a pentester meant to think outside the box?". Although tackling this question might seem like a near impossible task, but a
Pentesting Pentesting GraphQL 101 Part 2 - Interaction A Pentester is usually expected to be a higher than average user in terms of interaction with an endpoint. For that reason, I decided to add an intermediary step between "Discovery" and "Exploiting" called "Interaction." This article is part of the series "Pentesting GraphQL 101". 1. Pentesting GraphQL 101 Part
Pentesting Pentesting GraphQL 101 Part 1 - Discovery Recent statistics say that you have queried at least one GraphQL endpoint today. For me, as a Penetration tester, it is just a matter of concern, especially since high-quality Pentesting guides/articles are scarce online, which only signals that GraphQL security is still rudimentary. So I decided to start this
Pentesting Graphinder: lightweight and blazing fast GraphQL endpoint finder Introducing Graphinder, a lightweight and blazing fast GraphQL endpoint finder, making penetration testing on GraphQL much faster ⚡️
