Name: GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities
Start: 2024-09-26T11:30:00-0700
End: 2024-09-26T12:15:00-0700

THE MUST ATTEND EVENT FOR CYBERSECURITY PROFESSIONALS

Thursday September 26, 2024 11:30am - 12:15pm PDT

Room: Grand Ballroom

In this 45 minute offensively focused presentation we dive into GraphQL secondary context attacks and business logic vulnerabilities exploited in real world assessments. Secondary context attacks in particular can access impactful API endpoints using GraphQL as the jumping off point. The impact from these issues when exploited can be significant including unauthorized access to data, the ability to modify other users accounts, cross-tenancy failures, and SSRF.

This presentation is fresh material to this topic and does not rehash existing GraphQL exploitation discussions. If you are interested in GraphQL attacks, you should attend this talk.

Speakers

Willis Vandevanter

Senior Staff Security Researcher, Sprocket Security

With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP and a number of other conferences on web application security. He has also released popular... Read More →

Thursday September 26, 2024 11:30am - 12:15pm PDT
Room: Grand Ballroom

Breakout: Breaker Track

Audience intermediate

OWASP 2024 Global AppSec San Francisco

Willis Vandevanter

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!