GraphQL Web App Security Testing – Manual Exploitation & Misconfiguration Discovery

  • Reporting Time
    4 Days
  • English Competency
    Professional
  • Location

Service Description

I offer targeted GraphQL application security testing, combining manual exploitation techniques with deep schema analysis to uncover vulnerabilities commonly missed by automated scanners. Ideal for red team scenarios, security assessments, or pre-production hardening.

Capabilities:
  • Schema & Endpoint Enumeration
    Mapping exposed operations, types, queries, and mutations via introspection, proxying, and passive discovery — even when introspection is disabled.
  • Access Control Testing
    Validation of broken object-level authorization (BOLA), unauthorized mutations, role misconfigurations, and hidden sensitive operations accessible through crafted queries.
  • Injection & Execution Testing
    Manual testing for injection vectors including GraphQL-specific injections, resolver misbehavior, NoSQL/SQL injection within resolvers, and code execution paths from insecure resolver logic.
  • Query Abuse & DoS Vectors
    Detection of overly permissive filtering, nested queries, or recursion-based denial-of-service opportunities (e.g., via __typename, deeply nested fragments).
  • Information Leakage
    Identifying verbose error messages, exposed internal types/enums, or relationships that leak business logic, user data, or backend implementation details.
  • Security Misconfigurations
    Evaluation of endpoint exposure, CORS policies, authentication bypass, and improper rate limiting on GraphQL endpoints.

Testing is done using Burp Suite, custom scripts, GraphQL IDEs (like GraphiQL/Altair), and purpose-built recon tooling. All findings are manually verified and include PoCs, risk impact, and remediation suggestions.

Pricing is determined by schema size, number of authenticated roles, and the testing scope (unauthenticated, low-privilege, admin-level, etc.).

Message me to discuss your application, target environment, and engagement model. Testing is thorough, manual-first, and designed to reflect real-world attacker methodology.

Price: $299.00

About The Seller

Ryan
Exploit & Malware Development | 0day Research
Location: United States