GraphQL APIs have become more and more common in web apps, so getting familiar with them is good for anyone who wants to do bounty or appsec stuff. In this video we go over introspection query filter bypasses and missing access controls (IDORs) at the field level of objects in GraphQL APIs.
More resources on hacking GraphQL:
Damn Vulnerable GraphQL App: https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application
Hacking APIs: https://nostarch.com/hacking-apis
Web Hacking - GraphQL Missing Access Controls (IDOR) | NatokHD