Swagger Jacker: Improved Auditing of OpenAPI Definition Files

Discover the power of Swagger Jacker, an open-source audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files for penetration testers.

Auditing API endpoints after the discovery of a publicly hosted specification file is no small task for penetration testers. APIs can have hundreds of defined routes, and manual testing is often a tedious process. But neglecting comprehensive auditing of OpenAPI files across the attack surface can give attackers the upper hand, leading to exploitation of vulnerabilities or misconfigurations in the API routes defined within the definition document. Unintentionally exposed files can reveal routes with sensitive functionality, leading to discovery and exploitation of IDOR, SQL injection vulnerabilities, information disclosure, and many other common vulnerability classes.

Tune in for our livestream with offensive security expert and tool creator Tony West to hear how Swagger Jacker, an innovative open-source tool, streamlines auditing of OpenAPI definition files for improved attack surface management. Tony will share his expertise on how Swagger Jacker automates analysis of response codes for each API-defined route, expedites manual testing with curl command creation, and gathers endpoint routes.

The training session is a great opportunity to enhance your attack surface management and gain valuable insights from industry-leading experts in penetration testing. You’ll gain insights on:

  • Why improved audit capabilities for OpenAPI definition files result in improved attack surface management
  • The OpenAPI specification and its significance for penetration testing
  • Swagger Jacker in action – a live demo!

About the speaker, Tony West

Operator III

As a member of the Bishop Fox Cosmos team, Tony focuses on the continuous testing of clients' public-facing attack surfaces. Prior to joining Bishop Fox, Tony served in the U.S. Air Force as a Senior Operator and Technical Lead of a Department of Defense Red Team. In 2023, Tony successfully transitioned from military service to the civilian workforce through the Skillbridge program. He holds a B.S. in Cybersecurity from University of Maryland Global Campus.
