GraphQL Library Detection
Acunetix 360 can detect GraphQL endpoints and libraries used in your web application.
GraphQL is a query language for APIs. The query language makes it easier and quicker to get data from a server to a client via an API call.
Acunetix 360 can detect GraphQL endpoints and libraries by sending specific queries to your web application.
- Acunetix 360 sends requests specific URL paths to identify a GraphQL endpoint.
- Simultaneously, Acunetix 360 sends specific GraphQL queries to identify the library running behind.
Attackers can use this endpoint to stage attacks, thus securing GraphQL endpoints are critical. For further information, see Securing a GraphQL endpoint.
The GraphQL library detection is enabled by default. This article explains how to disable the library detection support.
Importing your GraphQL schema to identify vulnerabilities in your schema? See Scanning a GraphQL API for vulnerabilities.
GraphQL Detection Support fields
This table describes the fields in the GraphQL Detection Support panel.
Possible GraphQL Endpoint Paths
These are paths that Acunetix 360 searches for GraphQL Endpoints. You can add your endpoints by separating them with a comma.
Only Run On The Start Path
This lets you restrict the attacks to the start path only. If disabled, Acunetix 360 attacks every unique directory.
To deselect this check, you need to create a custom scan policy. For further information about creating a custom policy, see Configuring Scan Policies.
How to disable the GraphQL Library Detection check in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, select Policies > New Scan Policy.
- Select Security Checks.
- Deselect GraphQL Library Detection.
- Select Save.