The "Exploiting GraphQL - For Fun & Profit" workshop is a comprehensive and hands-on training session focused on the security aspects of GraphQL. Participants will gain an in-depth understanding of GraphQL's architecture, its applications, and how to identify and exploit potential vulnerabilities. Over the course of two days, attendees will explore the fundamentals of GraphQL, learn about its real-world use cases, and discover techniques to locate GraphQL endpoints within web applications. The workshop will also cover security considerations specific to GraphQL, including injection attacks, access control flaws, and schema manipulation. Practical exercises and demonstrations will enable participants to analyse and exploit vulnerabilities while emphasising the importance of secure coding practices. This workshop is ideal for cybersecurity professionals, web developers, and penetration testers interested in expanding their knowledge of GraphQL security. Join us to acquire the practical skills needed to secure GraphQL APIs and mitigate potential threats in today's evolving web application landscape.