BSides Toronto 2022

We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API With Burp
10-08, 13:10–13:35 (Canada/Eastern), ENG-103

REST APIs have been the backbone of web apps for over a decade now, and they have treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query language for your API. But shifts in tech trends also bring another inevitability: new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps.
Burp Suite has been the de facto tool for application security professionals running DAST scans and penetration tests against web apps, and its amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point its library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.
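To illustrate the parsing step the abstract refers to, here is a small added example (written for this page, not the plugin's own code): it finds the places in a GraphQL request body where a scanner would substitute its test values, both inline argument literals and entries in `variables`, and produces a mutated copy for one such point. The sample request, the regular expression and the function names are constructed assumptions.

```python
import json
import re

# Constructed sample GraphQL request body, as a client would POST it
# (an example for this page, not from the talk or the plugin).
SAMPLE = {
    "query": 'query($id: ID!) { user(id: $id, role: "admin") { name } }',
    "variables": {"id": "42"},
}

# Matches inline argument literals: name: "string", name: 123, name: true
ARG_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?|true|false)')


def insertion_points(body):
    """List every value a scanner could substitute.

    Each point is (kind, name, original, span); span is the character range of
    an inline literal in the query string, or None for a variables entry.
    """
    points = []
    for m in ARG_RE.finditer(body["query"]):
        points.append(("inline", m.group(1), m.group(2), m.span(2)))
    for name, value in (body.get("variables") or {}).items():
        points.append(("variable", name, value, None))
    return points


def mutate(body, point, payload):
    """Return a deep copy of the request with one insertion point replaced."""
    kind, name, original, span = point
    new = json.loads(json.dumps(body))  # cheap deep copy of a JSON body
    if kind == "variable":
        new["variables"][name] = payload
    else:
        start, end = span
        # Re-quote string literals so the query stays syntactically valid GraphQL;
        # other literal kinds get the payload inserted bare.
        literal = json.dumps(payload) if original.startswith('"') else str(payload)
        q = new["query"]
        new["query"] = q[:start] + literal + q[end:]
    return new


if __name__ == "__main__":
    for p in insertion_points(SAMPLE):
        print(p[0], p[1], "->", json.dumps(mutate(SAMPLE, p, "CANARY")))
```

The same two-step split (locate points, then emit one mutated request per point and payload) is what lets a generic scanner engine drive its existing payload library against a GraphQL endpoint instead of treating the whole JSON body as one opaque string.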

Jared Meit
Jared Meit, OSWE, has always had a passion for taking things apart, learning how they work, and forgetting how to put them back together. He was a professional software developer for 12 years before shifting his focus to application security 5 years ago. His dev experience allows him to create tools that developers will actually want to use.