New Talk Dropped for BSides Luxembourg 2026!οΈ πͺπππ§βπ¦ π’ππ ππ¦ π‘ππͺ: ππ«π£ππ’ππ§ππ‘π ππππ¦π¦ππ π©π¨ππ‘ππ₯πππππππ¦ ππ‘ ππ₯ππ£ππ€π ππ£ππ¦ β Aleksa ZatezaloModern tech doesnβt mean modern security. This session walks through a real-world penetration test where a production GraphQL API backed by PostgreSQL was compromised using classic attack techniquesβfrom schema enumeration to identifying vulnerable resolvers and injection points.Follow the full exploitation chain from blind SQL injection to database superuser access, and uncover how broken authentication logic in GraphQL can expose sensitive data. With a live demo of GrapeQL, attendees will gain practical testing workflows and defensive strategies to properly secure GraphQL APIs.Aleksa Zatezalo is a security engineer and offensive security researcher with experience in cloud security, penetration testing, and exploit development. A contributor to projects like Metasploit and an active member of the security community, he focuses on building practical tools and techniques to uncover and fix real-world vulnerabilities. Conference Dates: 6β8 May 2026 | 09:00β18:00 14, Porte de France, Esch-sur-Alzette, LuxembourgοΈ Tickets: [https://2026.bsides.lu/tickets/](https://2026.bsides.lu/tickets/) Schedule Link: [https://pretalx.com/bsidesluxembourg-2026/schedule/](https://pretalx.com/bsidesluxembourg-2026/schedule/) View full schedule & build your agenda: [https://hackertracker.app/schedule?conf=BSIDESLUX2026](https://hackertracker.app/schedule?conf=BSIDESLUX2026) #BSidesLuxembourg2026 #GraphQL #AppSec #WebSecurity #SQLInjection #CyberSecurity
