Description

Book Synopsis
Web applications are increasingly using the query language GraphQL to share data, but the security of these useful APIs is lagging behind. Authored by the developers of widely used GraphQL security-testing tools, Black Hat GraphQL will teach you how to find and exploit flaws in this technology. Early chapters provide in-depth knowledge of GraphQL and its query language, as well as its potential security pitfalls. Readers will then be guided through setting up a hacking lab for targeting GraphQL applications using specialized GraphQL security tools. They will learn how to conduct offensive security tests against production GraphQL systems by gleaning information from GraphQL implementations during reconnaissance and probing them for vulnerabilities, like injections, information disclosure, and Denial of Service.

Trade Review
"Black Hat GraphQL is the best resource for anyone looking to test GraphQL for vulnerabilities. Not only did Aleks and Farhi write the book, but they also created the vulnerable application used in the books labs and created a suite of tools specially designed for analyzing weaknesses within GraphQL APIs. This is a must-read book for those in API security."
—Corey Ball, author of Hacking APIs

"This book brought me from zero to ‘incredibly dangerous’ in ten chapters. The authors break down complex topics, making them easy to understand, as well as outlining pros and cons of each feature, tool, and tactic. The book also has quite a bit of foreshadowing, mentioning how certain parts of GraphQL work, and how they will be exploited later. The authors share not only several hands-on labs, but several tools they created themselves and open-sourced for all to use. If you are going to be PenTesting GraphQL systems, or are charged with protecting such a system, this book is a must-have."
—Tanya Janca, founder of We Hack Purple

“With the increasing number of web platforms built on top of GraphQL, this book is an essential resource for all security practitioners. By covering both the basics and advanced topics, Nick and Dolev have created the ultimate guide to hacking GraphQL.”
—Luca Carettoni, Doyensec

"Knowing how to secure GraphQL is often the first question most users have after they have that "ah ha!" moment about how cool it is. While Apollo and others have written a lot of great documentation on best security practices, Black Hat GraphQL is the most comprehensive look from the other side. This is not just a book for red teamers or penetration testers. Any GraphQL developer will learn a lot here."
—Tad Whitaker, Apollo GraphQL

"I study my way up in cybersecurity, in part, through books. While many of the books I use don't actually bring something new to the table, Black Hat GraphQL is definitely an exception. My copy, believe it or not, is oversaturated with highlights. And that probably says it all."
—Cristi Vlad, @CristiVlad25, cybersecurity researcher

Table of Contents
Foreword
Acknowledgments
Introduction
Chapter 1: A Primer on GraphQL
Chapter 2: Setting Up a GraphQL Security Lab
Chapter 3: The GraphQL Attack Surface
Chapter 4: Reconnaissance
Chapter 5: Denial of Service
Chapter 6: Information Disclosure
Chapter 7: Authentication and Authorization Bypasses
Chapter 8: Injection
Chapter 9: Request Forgery and Hijacking
Chapter 10: Disclosed Vulnerabilities and Exploits
Appendix A: GraphQL API Testing Checklist
Appendix B: GraphQL Security
Resources
Index

Black Hat Graphql: Attacking Next Generation APIs

    Product form

    £42.74

    Includes FREE delivery

    RRP £56.99 – you save £14.25 (25%)

    Order before 4pm tomorrow for delivery by Thu 2 Jul 2026.

    A Paperback / softback by Nick Aleks, Dolev Farhi

    2 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Black Hat Graphql: Attacking Next Generation APIs by Nick Aleks

      Publisher: No Starch Press,US
      Publication Date: 23/05/2023
      ISBN13: 9781718502840, 978-1718502840
      ISBN10: 1718502842
      Also in:
      Computing Computer programming / software engineering

      Description

      Book Synopsis
      Web applications are increasingly using the query language GraphQL to share data, but the security of these useful APIs is lagging behind. Authored by the developers of widely used GraphQL security-testing tools, Black Hat GraphQL will teach you how to find and exploit flaws in this technology. Early chapters provide in-depth knowledge of GraphQL and its query language, as well as its potential security pitfalls. Readers will then be guided through setting up a hacking lab for targeting GraphQL applications using specialized GraphQL security tools. They will learn how to conduct offensive security tests against production GraphQL systems by gleaning information from GraphQL implementations during reconnaissance and probing them for vulnerabilities, like injections, information disclosure, and Denial of Service.

      Trade Review
      "Black Hat GraphQL is the best resource for anyone looking to test GraphQL for vulnerabilities. Not only did Aleks and Farhi write the book, but they also created the vulnerable application used in the books labs and created a suite of tools specially designed for analyzing weaknesses within GraphQL APIs. This is a must-read book for those in API security."
      —Corey Ball, author of Hacking APIs

      "This book brought me from zero to ‘incredibly dangerous’ in ten chapters. The authors break down complex topics, making them easy to understand, as well as outlining pros and cons of each feature, tool, and tactic. The book also has quite a bit of foreshadowing, mentioning how certain parts of GraphQL work, and how they will be exploited later. The authors share not only several hands-on labs, but several tools they created themselves and open-sourced for all to use. If you are going to be PenTesting GraphQL systems, or are charged with protecting such a system, this book is a must-have."
      —Tanya Janca, founder of We Hack Purple

      “With the increasing number of web platforms built on top of GraphQL, this book is an essential resource for all security practitioners. By covering both the basics and advanced topics, Nick and Dolev have created the ultimate guide to hacking GraphQL.”
      —Luca Carettoni, Doyensec

      "Knowing how to secure GraphQL is often the first question most users have after they have that "ah ha!" moment about how cool it is. While Apollo and others have written a lot of great documentation on best security practices, Black Hat GraphQL is the most comprehensive look from the other side. This is not just a book for red teamers or penetration testers. Any GraphQL developer will learn a lot here."
      —Tad Whitaker, Apollo GraphQL

      "I study my way up in cybersecurity, in part, through books. While many of the books I use don't actually bring something new to the table, Black Hat GraphQL is definitely an exception. My copy, believe it or not, is oversaturated with highlights. And that probably says it all."
      —Cristi Vlad, @CristiVlad25, cybersecurity researcher

      Table of Contents
      Foreword
      Acknowledgments
      Introduction
      Chapter 1: A Primer on GraphQL
      Chapter 2: Setting Up a GraphQL Security Lab
      Chapter 3: The GraphQL Attack Surface
      Chapter 4: Reconnaissance
      Chapter 5: Denial of Service
      Chapter 6: Information Disclosure
      Chapter 7: Authentication and Authorization Bypasses
      Chapter 8: Injection
      Chapter 9: Request Forgery and Hijacking
      Chapter 10: Disclosed Vulnerabilities and Exploits
      Appendix A: GraphQL API Testing Checklist
      Appendix B: GraphQL Security
      Resources
      Index

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account