
Black Hat GraphQL

Attacking Next Generation APIs

Nick Aleks, Dolev Farhi, Opheliar Chan

$140

Paperback


English
No Starch Press, US
20 June 2023
Written by hackers for hackers, this hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you're a penetration tester, security analyst, or software engineer, you'll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Following an introduction to core concepts, you'll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries.

You'll also learn how to:

Use data collection and target mapping to learn about targets

Defend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets

Impersonate users and take admin-level actions on a remote server

Uncover injection-based vulnerabilities in servers, databases, and client browsers

Exploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf

Dissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies

This comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.

Imprint: No Starch Press, US
Country of Publication: United States
Dimensions: Height: 234mm, Width: 177mm
Weight: 369g
ISBN: 9781718502840
ISBN 10: 1718502842
Pages: 320
Audience: Professional and scholarly, Undergraduate
Format: Paperback
Publisher's Status: Active

Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex, large-scale environments in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defenses for one of the fastest Fintech companies in North America. Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating in and building CTF challenges, and contributing exploits to Exploit-DB.

Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his own security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing and has over 10 years of experience hacking everything from websites, safes, locks, cars, and drones to smart buildings.

Reviews for Black Hat GraphQL: Attacking Next Generation APIs

"Black Hat GraphQL is the best resource for anyone looking to test GraphQL for vulnerabilities. Not only did Aleks and Farhi write the book, but they also created the vulnerable application used in the book's labs and created a suite of tools specially designed for analyzing weaknesses within GraphQL APIs. This is a must-read book for those in API security." -Corey Ball, author of Hacking APIs

"This book brought me from zero to 'incredibly dangerous' in ten chapters. The authors break down complex topics, making them easy to understand, as well as outlining pros and cons of each feature, tool, and tactic. The book also has quite a bit of foreshadowing, mentioning how certain parts of GraphQL work, and how they will be exploited later. The authors share not only several hands-on labs, but several tools they created themselves and open-sourced for all to use. If you are going to be pentesting GraphQL systems, or are charged with protecting such a system, this book is a must-have." -Tanya Janca, founder of We Hack Purple

"With the increasing number of web platforms built on top of GraphQL, this book is an essential resource for all security practitioners. By covering both the basics and advanced topics, Nick and Dolev have created the ultimate guide to hacking GraphQL." -Luca Carettoni, Doyensec

"Knowing how to secure GraphQL is often the first question most users have after they have that aha! moment about how cool it is. While Apollo and others have written a lot of great documentation on best security practices, Black Hat GraphQL is the most comprehensive look from the other side. This is not just a book for red teamers or penetration testers. Any GraphQL developer will learn a lot here." -Tad Whitaker, Apollo GraphQL

"I study my way up in cybersecurity, in part, through books. While many of the books I use don't actually bring something new to the table, Black Hat GraphQL is definitely an exception. My copy, believe it or not, is oversaturated with highlights. And that probably says it all." -Cristi Vlad, @CristiVlad25, cybersecurity researcher
