How this template works
APIs Selection
- The template uses a regular expression filter to match URLs that contain the word "graphql". - This filter ensures that only APIs with GraphQL endpoints are selected for further processing.
Execute request
- The template specifies a single request to be executed. - The request modifies the URL by replacing any occurrence of "graphql" with "graphiql". - This modification is done to check if the GraphQL development console is exposed at the modified URL.
Validation
- The validation step checks the response payload for the presence of specific strings related to GraphQL development consoles. - If the response contains any of the specified strings ("GraphiQL", "GraphQL Playground", "GraphQL Console", "graphql-playground"), the validation is considered successful. That's it! The template filters APIs based on the URL, executes a modified request, and validates the response to determine if a GraphQL development console is exposed.
Frequently asked questions
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "
Security team,
Rippling
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable
