{"product_id":"black-hat-graphql-attacking-next-generation-apis-9781718502840","title":"Black Hat Graphql: Attacking Next Generation APIs","description":"\u003cb\u003eWritten by hackers for hackers, this hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.\u003c\/b\u003e \u003cp\u003e\u003c\/p\u003e\u003ci\u003eBlack Hat GraphQL\u003c\/i\u003e is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you're a penetration tester, security analyst, or software engineer, you'll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required. \u003cp\u003e\u003c\/p\u003eFollowing an introduction to core concepts, you'll build your lab, explore the difference between GraphQL and REST APIs, run your first query, and learn how to create custom queries. \u003cp\u003e\u003c\/p\u003eYou'll also learn how to: \u003cp\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eUse data collection and target mapping to learn about targets \u003c\/li\u003e\n\u003cli\u003eDefend APIs against denial-of-service attacks and exploit insecure configurations in GraphQL servers to gather information on hardened targets\u003c\/li\u003e\n\u003cli\u003eImpersonate users and take admin-level actions on a remote server\u003c\/li\u003e\n\u003cli\u003eUncover injection-based vulnerabilities in servers, databases, and client browsers\u003c\/li\u003e\n\u003cli\u003eExploit cross-site and server-side request forgery vulnerabilities, as well as cross-site WebSocket hijacking, to force a server to request sensitive information on your behalf\u003c\/li\u003e\n\u003cli\u003eDissect vulnerability disclosure reports and review exploit code to reveal how vulnerabilities have impacted large companies\u003c\/li\u003e\n\u003c\/ul\u003e\u003cbr\u003eThis comprehensive resource provides everything you need to defend GraphQL APIs and build secure applications. Think of it as your umbrella in a lightning storm.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAuthor:\u003c\/b\u003e \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=AUTH-15544589\"\u003eNick Aleks\u003c\/a\u003e, \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=AUTH-15544590\"\u003eDolev Farhi\u003c\/a\u003e\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e No Starch Press\u003cbr\u003e\u003cb\u003ePublished:\u003c\/b\u003e 05\/23\/2023\u003cbr\u003e\u003cb\u003ePages:\u003c\/b\u003e 320\u003cbr\u003e\u003cb\u003eBinding Type:\u003c\/b\u003e Paperback\u003cbr\u003e\u003cb\u003eWeight:\u003c\/b\u003e 1.30lbs\u003cbr\u003e\u003cb\u003eSize:\u003c\/b\u003e 9.10h x 7.00w x 0.90d\u003cbr\u003e\u003cb\u003eISBN13:\u003c\/b\u003e 9781718502840\u003cbr\u003e\u003cb\u003eISBN10:\u003c\/b\u003e 1718502842\u003cbr\u003e\u003cb\u003eBISAC Categories:\u003c\/b\u003e\u003cbr\u003e- \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=CAT-COM\"\u003eComputers\u003c\/a\u003e | \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=BISAC-COM060180\"\u003eInternet | Web Services \u0026amp; APIs\u003c\/a\u003e\u003cbr\u003e- \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=CAT-COM\"\u003eComputers\u003c\/a\u003e | \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=BISAC-COM043050\"\u003eSecurity | Network Security\u003c\/a\u003e\u003cbr\u003e- \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=CAT-COM\"\u003eComputers\u003c\/a\u003e | \u003ca href=\"https:\/\/sureshotbooks-com.myshopify.com\/search?type=product%2Carticle%2Cpage\u0026amp;q=BISAC-COM051010\"\u003eLanguages | General\u003c\/a\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eAbout the Author\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eDolev Farhi\u003c\/b\u003e is a security engineer and author with extensive experience leading security engineering teams in complex environments and scale in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defenses for one of the fastest Fintech companies in North America. Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating and building CTF challenges and contributing exploits to Exploit-DB. \u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cb\u003eNick Aleks\u003c\/b\u003e is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his own security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing and has over 10 years of experience hacking everything from websites, safes, locks, cars, drones, and even smart buildings.","brand":"No Starch Press","offers":[{"title":"Default Title","offer_id":44519903232237,"sku":"9781718502840","price":59.99,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0550\/8097\/6621\/products\/img_0c63a3f8-b740-470f-a757-c1357d257f5a.jpg?v=1701266281","url":"https:\/\/sureshotbooks.com\/es\/products\/black-hat-graphql-attacking-next-generation-apis-9781718502840","provider":"SureShot Books Publishing LLC","version":"1.0","type":"link"}