Jared Meit

Senior Application Security Consultant - Forward Security

Jared Meit, OSWE, has always had a passion for taking things apart, learning how they work, and forgetting how to put them back together. He was a professional software developer for 12 years before shifting his focus to Application Security 5 years ago. His development experience allows him to create tools that developers will actually want to use.

Presentation Abstract

Hack a GraphQL Web App

REST APIs have been the backbone of web apps for over a decade, but a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, 'a query language for your API.'

GraphQL is a growing target, but the pentesting tools have yet to keep up, leaving criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps.

We sought to solve this with our new plugin for Burp Suite, the AppSec pen tester’s favourite tool.

Workshop Objectives:

  • Understand GraphQL and the shortcomings of modern pentesting tools
  • Hack a vulnerable web app
  • Specifically: automated attack surface discovery and vulnerability scanning, followed by exploitation