Auditing API endpoints after the discovery of a publicly hosted specification file is no small task for penetration testers. APIs can have hundreds of defined routes, and manual testing is often a tedious process. But neglecting comprehensive auditing of OpenAPI files across the attack surface can give attackers the upper hand, leading to exploitation of vulnerabilities or misconfigurations in the API routes defined within the definition document. Unintentionally exposed specification files can reveal routes with sensitive functionality, leading to the discovery and exploitation of IDOR, SQL injection, information disclosure, and many other common vulnerability classes.
Tune in for our livestream with offensive security expert and tool creator Tony West to hear how Swagger Jacker, an innovative open-source tool, streamlines auditing of OpenAPI definition files for improved attack surface management. Tony will share his expertise on how Swagger Jacker automates analysis of response codes for each API defined route, expedites manual testing with curl command creation, and gathers endpoint routes.
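To make the route-gathering and curl-generation steps described above concrete, here is an added example (not Swagger Jacker's own code) that parses a constructed OpenAPI 3 document, lists every operation with its effective authentication requirement and declared response codes, and emits one curl line per route so each can be checked by hand; the server URL, paths and security scheme are invented for the sample.

```python
"""Inventory the routes an OpenAPI 3 document exposes and flag audit candidates."""
import json

# Constructed sample specification for the example; not taken from any real service.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test/v1"}],
    "components": {"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearer": []}],  # document-wide default: bearer token required
    "paths": {
        "/users/{id}": {
            "get": {"security": [{"bearer": []}], "responses": {"200": {}, "404": {}}},
            "delete": {"responses": {"204": {}}},
        },
        "/health": {"get": {"security": [], "responses": {"200": {}}}},  # explicitly open
        "/admin/export": {"post": {"responses": {"200": {}}}},
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}


def enumerate_routes(spec_text):
    """Return one dict per operation with its URL, auth requirement and declared codes."""
    spec = json.loads(spec_text)
    base = spec.get("servers", [{"url": ""}])[0]["url"].rstrip("/")
    global_security = spec.get("security", [])
    routes = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip "parameters", "summary" and other non-operation keys
            # An operation-level "security" overrides the document default; an
            # empty list means the route is reachable without credentials.
            security = op.get("security", global_security)
            routes.append({
                "method": method.upper(),
                "path": path,
                "url": base + path,
                "unauthenticated": len(security) == 0,
                "has_path_param": "{" in path,  # object-reference routes to review for IDOR
                "declared_codes": sorted(op.get("responses", {}).keys()),
            })
    return routes


def curl_commands(routes):
    """Build one curl line per route that prints the observed status code for comparison
    against the declared codes; '{id}'-style placeholders are left for the tester to fill."""
    return [f"curl -s -o /dev/null -w '%{{http_code}}' -X {r['method']} '{r['url']}'"
            for r in routes]
```

Routes whose observed status code differs from the declared set (for example a 200 on a route the document marks as authenticated) are the ones worth manual follow-up.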
The training session is a great opportunity to enhance your attack surface management and learn from industry-leading experts in penetration testing. Topics covered:
- Why improved auditing of OpenAPI definition files results in improved attack surface management
- The OpenAPI specification and its significance for penetration testing
- Swagger Jacker in action – a live demo!