This article will help you dive into the topic of…
You are facing a GraphQL API and want to test its security. But the introspection query returns a huge, unreadable JSON document, the web application uses only part of the GraphQL API, and of course there is no public documentation. How do you understand and test a GraphQL API in such a case?
Luckily, there is a tool called GraphQL Voyager, which visualises a GraphQL schema. It’s especially useful for understanding a GraphQL API and finding authorization vulnerabilities.
If you are new to GraphQL, here are good starting points for learning it: