Offensive Security
Tools, Books & Training

We've curated some of our research into utilities, books and online courses availble for hackers, pentesters and bug bounty hunters.

Featured

Part 1/2: Foundational GraphQL API Attack Surface Training

Learn about GraphQL hacking from the authors who wrote Black Hat GraphQL. This crash course into GraphQL will give you a hands-on approach to learning about how this rapidly adopted API technology works and how its internals can be used as attack vectors.

1 DAY COURSE

Live Online Only

Featured

Part 2/2: Advanced Offensive GraphQL API Security Training

Master GraphQL hacking from the authors who wrote Black Hat GraphQL. This (part 2) advanced hacking course builds on top of the foundational knowledge you gained about GraphQL internals in part 1. Leveraging a custom hacking lab, you’ll delve into the details of how to execute numerous GraphQL attacks

1 DAY COURSE

Live Online Only

Explore some of our Offensive Security Research

Take a look at some of the tools we've built

...

GraphQL Threat Matrix

GraphQL threat framework used to research security gaps in GraphQL implementations.

...

CrackQL

CrackQL is a GraphQL password brute-force and fuzzing utility.

...

DVGA

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL app.

Featured Blog Article
...

Your Untested GraphQL API is a Ticking Time Bomb

Highlighting the specific challenges of securing GraphQL APIs, arguing for more penetration testing & secure development training to prevent breaches in a landscape where traditional controls and automated tooling falls short.
Latest Research

Announcing: Black Hat GraphQL

Black Hat GraphQL is for anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing. Whether you’re a penetration tester, security analyst, or software engineer, you’ll learn how to attack GraphQL APIs, develop hardening procedures, build automated security testing into your development pipeline, and validate controls, all with no prior exposure to GraphQL required.

Get the book! Get Training

Explore our Charity
Swag Shop.

The ASEC Swag Shop is filled with amazing clothing, tools and equipment. We put 100% of all proceeds to charities such as Brain Tumour Walk Canada.

Go to Shop

Continuously defend your organization's attack surface.

Proactively monitor all of your applications, servers, endpoints and cloud infrastructure by combining automation and expert-driven testing to continuously identify and remediate vulnerabilities.

Request a Demo Learn more
... ...
... ...