TypeScript

R3zk0n · October 2, 2025

Contents

    Techniques

    • Use semgrep to find vulnerabilities
    • GraphQL
      • Search for resolvers that are wired into GraphQL; follow these functions to find unauthenticated access or other issues
      • src/schema -> GraphQL translated to REST API requests
      • resolvers/types

    Resources

    • Beginner Course: https://twitter.com/mattpocockuk/status/1575811782220054534

    Methodology

    Luke's Methodology for TypeScript

    1. Review the unit test cases. Reviewing these can help us understand what types of issues could be present and why; for example, a unit test that checks authentication but does not check the headers is a good pointer to a possible issue.
    2. Semgrep. Semgrep helps find the lower-hanging bugs, but since we use TypeScript and GraphQL, a lot of the default findings are no longer present, unless they do something stupid such as from { Process } import *;
    3. Review the commits and changelogs. These can reveal issues as well as things like credentials that were later removed in a commit. TruffleHog can help automate this.
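    The resolver check from the GraphQL section and the "authentication test that never looks at the headers" point above, as an added example (not code from these notes or from any project they describe). It is a minimal GraphQL-style resolver pair with the usual (parent, args, context) signature; no GraphQL server library is used, and the user table, token table and Authorization header handling are all constructed for the example.

```typescript
// Added example: a weak resolver beside its hardened form, plus the context
// builder that is the only place the Authorization header is read.
// Everything below (users, tokens, header names) is constructed sample data.

type User = { id: string; email: string; role: "user" | "admin" };

// Constructed sample records standing in for a database.
const USERS: Record<string, User> = {
  u1: { id: "u1", email: "alice@example.test", role: "user" },
  u2: { id: "u2", email: "bob@example.test", role: "admin" },
};

// Constructed token table standing in for session lookup / JWT verification.
const TOKENS: Record<string, string> = { "tok-alice": "u1", "tok-bob": "u2" };

type HttpHeaders = Record<string, string | undefined>;
type Context = { user: User | null };

// Gateway step: headers -> context. A resolver that ignores context.user and
// trusts a client-supplied id is exactly what "follow the resolvers" surfaces.
function buildContext(headers: HttpHeaders): Context {
  const auth = headers["authorization"] ?? "";
  const match = /^Bearer (.+)$/.exec(auth);
  const token = match?.[1];
  const userId = token ? TOKENS[token] : undefined;
  return { user: userId ? USERS[userId] : null };
}

type UserArgs = { id: string };

// Weak form: returns any user's record to any caller; the context is unused,
// so a test that only exercises "logged-in user can read" still passes.
function userResolverWeak(_parent: unknown, args: UserArgs, _ctx: Context): User | null {
  return USERS[args.id] ?? null;
}

// Hardened form: requires an authenticated caller and limits non-admins to
// their own record.
function userResolverHardened(_parent: unknown, args: UserArgs, ctx: Context): User | null {
  if (!ctx.user) {
    throw new Error("UNAUTHENTICATED");
  }
  if (ctx.user.role !== "admin" && ctx.user.id !== args.id) {
    throw new Error("FORBIDDEN");
  }
  return USERS[args.id] ?? null;
}

// Mimics one request through the gateway: headers -> context -> resolver.
function runQuery(
  resolver: (p: unknown, a: UserArgs, c: Context) => User | null,
  headers: HttpHeaders,
  args: UserArgs,
): { data: User | null; error: string | null } {
  try {
    return { data: resolver(undefined, args, buildContext(headers)), error: null };
  } catch (e) {
    return { data: null, error: (e as Error).message };
  }
}

// The case a review should always add to the test suite: the same query with
// no Authorization header at all, run against both resolvers.
function demo(): void {
  const noAuth: HttpHeaders = {};
  console.log("weak, no header:", runQuery(userResolverWeak, noAuth, { id: "u2" }));
  console.log("hardened, no header:", runQuery(userResolverHardened, noAuth, { id: "u2" }));
  console.log(
    "hardened, alice reads bob:",
    runQuery(userResolverHardened, { authorization: "Bearer tok-alice" }, { id: "u2" }),
  );
}

demo();
```

    When reading real schema code, the question for each resolver is the same as here: does it reach authorization state through the context the gateway built from the request headers, or does it trust something the client sent in the arguments? A unit test that only sends a valid token never distinguishes the two.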
