Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Swagger Jacker: Improved Auditing of OpenAPI Definition Files

Discover the power of Swagger Jacker, an open-source audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files for penetration testers.

Auditing API endpoints after the discovery of a publicly hosted specification file is no small task for penetration testers. APIs can have hundreds of defined routes and manual testing is often a tedious process. But neglecting comprehensive auditing of OpenAPI files across the attack surface can give attackers the upper hand leading to exploitation of vulnerabilities or misconfigurations in the API routes defined within the definition document. Unintentionally exposed files can unknowingly reveal routes with sensitive functionality leading to discovery and exploitation of IDOR, SQL injection vulnerabilities, information disclosure, and many other common vulnerability classes.

Tune in for our livestream with offensive security expert and tool creator Tony West to hear how Swagger Jacker, an innovative open-source tool, streamlines auditing of OpenAPI definition files for improved attack surface management. Tony will share his expertise on how Swagger Jacker automates analysis of response codes for each API defined route, expedites manual testing with curl command creation, and gathers endpoint routes.

The training session is a great opportunity to enhance your attack surface management and gain valuable insights from industry-leading experts in penetration testing. You’ll gain insights on:

  • Why improved audit capabilities of Open API definition files results in improved attack surface management
  • The Open API specification and the significance for penetration testing
  • Swagger Jacker in action – a live demo!
Tony West

About the speaker, Tony West

Operator III

As a member of the Bishop Fox Cosmos team, Tony focuses on the continuous testing of clients' public-facing attack surfaces. Prior to joining Bishop Fox, Tony served in the U.S. Air Force as a Senior Operator and Technical Lead of a Department of Defense Red Team. In 2023, Tony successfully transitioned from military service to the civilian workforce through the Skillbridge program. He holds a B.S. in Cybersecurity from University of Maryland Global Campus.

More by Tony

Extend Your Knowledge

Check out these related resources.

Video thumbnail featuring the speaker headshot, Jon Guild, and the title of the webcast: How to Ace the OSEP exam with the Sliver Framework.
Livestream

Ace the OSEP Exam with Sliver Framework

Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.

Learn More
Dark purple background with headshots of speakers Erez Yalon, Vandana Verma, and Joylynn Kirui, Bishop Fox logo, and title: The Art of Hacking, Hacker's Arsenal in AppSec.
Livestream

"Hacker's Arsenal in AppSec" Session - DEF CON 31

In this session, we investigate how applications are the beating heart of the digital realm, and as hackers, we know just how to make them skip a beat.

Learn More
Purple background sliver framework in white
Tech

Aug 05, 2019

A How-To Guide for Using Sliver

By Joe DeMesy, Ronan Kervella

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.