In situations where you wish to scan a GraphQL endpoint directly (as opposed to scanning it alongside a GUI application that triggers calls to the endpoint), this can be accomplished using the Standard or API Scanning scan profiles.
- Enter the GraphQL endpoint into the Targets field in the scan configuration.
- Enter the GraphQL endpoint into the following field in the scan configuration: Web Application Scanner Settings > API Scanning > GraphQL > GraphQL Endpoint
- If possible, enable introspection for your API. These settings allow the AppCheck scanner to automatically discover the GraphQL schema and build a Mapped Attack Surface.
- If introspection cannot be enabled (for example for security reasons), perform the following steps:
  - Go to Web Application Scanner Settings > API Scanning > GraphQL and click the Download Query button.
  - Copy the downloaded query and run it against your GraphQL endpoint. You should get the results in JSON format.
  - Add those results into the scan configuration in the following field: Web Application Scanner Settings > API Scanning > GraphQL > Introspection Query Results
- Go to Web Application Scanner Settings
- If querying your GraphQL endpoint requires preliminary authentication (such as obtaining a bearer token), you can configure the API Authentication Helper plugin to do this job. You will need to know the relevant mutation query and variables to fetch the token.
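The "run the introspection query and paste the JSON" step above, as an added helper script (not AppCheck's own tooling). It sends a standard introspection query, optionally with a bearer token you already hold, and refuses to save the output when the server answers with errors or no `__schema`, which is what an endpoint with introspection disabled typically returns. The endpoint URL, output path and token are operator-supplied assumptions; prefer the query downloaded from the scanner UI where it differs from the one embedded here.

```python
"""Fetch GraphQL introspection results for the scanner's
"Introspection Query Results" field. Added example, not AppCheck code."""
import json
import sys
import urllib.request

# Minimal standard introspection query (types, fields, arguments). The
# query downloaded from the scanner UI may request more; use that if so.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name } mutationType { name } subscriptionType { name }
    types { kind name
      fields(includeDeprecated: true) { name
        args { name type { kind name ofType { kind name } } }
        type { kind name ofType { kind name } } } }
  }
}
"""

def build_request(endpoint, token=None):
    """POST request carrying the query; the bearer token is optional."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")

def check_introspection_result(payload):
    """Return (ok, message); ok only when a usable __schema is present.
    With introspection disabled a server usually returns an 'errors' list
    and no data, which would be useless to paste into the scanner."""
    if not isinstance(payload, dict):
        return False, "response is not a JSON object"
    if payload.get("errors"):
        msgs = "; ".join(e.get("message", "?") for e in payload["errors"])
        return False, "server returned errors: " + msgs
    schema = (payload.get("data") or {}).get("__schema")
    if not schema or not schema.get("types"):
        return False, "no __schema/types in response; introspection is probably disabled"
    return True, f"{len(schema['types'])} types discovered"

def fetch_and_save(endpoint, out_path, token=None):
    """Run the query; write the JSON to out_path only if it is usable."""
    with urllib.request.urlopen(build_request(endpoint, token), timeout=30) as resp:
        payload = json.load(resp)
    ok, msg = check_introspection_result(payload)
    if ok:
        with open(out_path, "w") as fh:
            json.dump(payload, fh, indent=2)
    return ok, msg

if __name__ == "__main__":  # usage: script.py <endpoint> <out.json> [token]
    ok, msg = fetch_and_save(sys.argv[1], sys.argv[2], sys.argv[3] if len(sys.argv) > 3 else None)
    print(msg)
    sys.exit(0 if ok else 1)
```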