In this test we start by locating the GraphQL instance deployed on your web application and checking whether an end user is allowed to send a query through the GraphQL endpoint without any authentication or authorization. This is done by manually sending HTTP GET and POST requests to confirm the GraphQL endpoint.
Once the endpoint is found, we check the GraphQL schema through introspection to determine which queries it supports. We then test whether GraphQL is sending requests directly to the database, in order to find the injection vulnerability.
If GraphQL is deployed in your web application to send requests directly to the database, and if by default there is no authentication in place, then we will test whether the GraphQL endpoints are vulnerable to SQL injection, XSS injection and denial of service.
We have to find the endpoints manually to do the introspection. If introspection is disabled, we have to rely on invalid queries to get useful information through error messages; this process can take a while.
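The checks described above can be turned into a small audit for your own endpoint. The following is an added example, not part of the original test procedure: it labels captured responses to an unauthenticated introspection probe and to an invalid query. The label names, the sample responses and the "Did you mean" suggestion wording (the style used by graphql-js based servers) are assumptions.

```python
import json
import re

def classify_response(status, body):
    """Label one captured response from a GraphQL endpoint probe."""
    if status in (401, 403):
        return ["auth_enforced"]            # unauthenticated query was rejected
    try:
        doc = json.loads(body)
    except ValueError:
        return ["not_graphql"]              # HTML error page, empty body, etc.
    if not isinstance(doc, dict) or not (doc.keys() & {"data", "errors"}):
        return ["not_graphql"]
    findings = []
    data = doc.get("data")
    if isinstance(data, dict) and data.get("__schema"):
        findings.append("introspection_open")   # schema returned without auth
    for err in doc.get("errors") or []:
        msg = err.get("message", "") if isinstance(err, dict) else str(err)
        hint = re.search(r"Did you mean (.*)", msg)
        if hint:
            # Validation errors that suggest real field names leak the schema
            # even when introspection itself is disabled.
            names = re.findall(r'"(\w+)"', hint.group(1))
            findings.append("error_leaks_fields:" + ",".join(names))
    return findings or ["no_finding"]

# Constructed sample responses as (HTTP status, body); not from a real server.
SAMPLES = {
    "introspection": (200, json.dumps(
        {"data": {"__schema": {"types": [{"name": "Query"}]}}})),
    "invalid_query": (200, json.dumps({"errors": [{"message":
        'Cannot query field "usr" on type "Query". '
        'Did you mean "user" or "users"?'}]})),
    "hardened": (200, json.dumps(
        {"errors": [{"message": "Introspection is disabled"}]})),
    "needs_login": (401, "Unauthorized"),
    "wrong_path": (200, "<html>Not Found</html>"),
}

def audit(samples):
    """Classify every captured response, keyed by probe name."""
    return {name: classify_response(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(f"{name:14} {result}")
```

An endpoint that is configured well for this test returns only `auth_enforced` or `no_finding`; `error_leaks_fields` shows that disabling introspection alone did not stop schema disclosure through error messages.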
The report will include the details of all the tests conducted and the vulnerabilities found.
Based on the findings from our extensive tests, the report will provide recommendations on how to fix the GraphQL injection vulnerability.