🚀 New Talk Dropped for BSides Luxembourg 2026!

πŸ•ΈοΈπŸ’₯ π—ͺ𝗛𝗔𝗧’𝗦 π—’π—Ÿπ—— π—œπ—¦ π—‘π—˜π—ͺ: π—˜π—«π—£π—Ÿπ—’π—œπ—§π—œπ—‘π—š π—–π—Ÿπ—”π—¦π—¦π—œπ—– π—©π—¨π—Ÿπ—‘π—˜π—₯π—”π—•π—œπ—Ÿπ—œπ—˜π—¦ π—œπ—‘ π—šπ—₯π—”π—£π—›π—€π—Ÿ π—”π—£π—œπ—¦ – Aleksa Zatezalo

Modern tech doesn’t mean modern security. This session walks through a real-world penetration test where a production GraphQL API backed by PostgreSQL was compromised using classic attack techniques, from schema enumeration to identifying vulnerable resolvers and injection points.

Follow the full exploitation chain from blind SQL injection to database superuser access, and uncover how broken authentication logic in GraphQL can expose sensitive data. With a live demo of GrapeQL, attendees will gain practical testing workflows and defensive strategies to properly secure GraphQL APIs.

Aleksa Zatezalo is a security engineer and offensive security researcher with experience in cloud security, penetration testing, and exploit development. A contributor to projects like Metasploit and an active member of the security community, he focuses on building practical tools and techniques to uncover and fix real-world vulnerabilities.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: [https://2026.bsides.lu/tickets/](https://2026.bsides.lu/tickets/)
📅 Schedule Link: [https://pretalx.com/bsidesluxembourg-2026/schedule/](https://pretalx.com/bsidesluxembourg-2026/schedule/)

📲 View full schedule & build your agenda: [https://hackertracker.app/schedule?conf=BSIDESLUX2026](https://hackertracker.app/schedule?conf=BSIDESLUX2026)

#BSidesLuxembourg2026 #GraphQL #AppSec #WebSecurity #SQLInjection #CyberSecurity