Autoswagger is a free, open-source tool designed to scan OpenAPI-documented APIs for broken authorization vulnerabilities. These vulnerabilities remain common, even among organizations with strong security postures, and pose a significant risk as they can be exploited easily.
Key features and approach
API Schema Detection: Begins with a list of organization domains and scans for OpenAPI/Swagger documentation across various formats and locations.
Endpoint Enumeration: Parses the discovered API specs to automatically generate a comprehensive list of endpoints along with their required parameters.
Authorization Testing: Sends requests to endpoints using valid parameters and flags those that return successful responses instead of the expected HTTP 401/403, highlighting potential improper or missing access control.
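The three steps above, as an added example that is not Autoswagger's own code: it parses a constructed OpenAPI 3 document, fills every required parameter with a placeholder value, and reports operations that declare a security requirement yet answer a credential-less request with something other than 401/403. The `fake_api` stub stands in for the network call so the check runs offline, for instance as a regression test against your own service.

```python
# Added example (not Autoswagger's code): the enumerate-then-check loop the page
# describes, run offline against a constructed OpenAPI 3 spec and a stubbed API.

# Constructed sample spec: two operations inherit the document-level
# security requirement, /health explicitly opts out.
SPEC = {
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users/{id}": {"get": {"parameters": [
            {"name": "id", "in": "path", "required": True, "schema": {"type": "integer"}}]}},
        "/admin/export": {"post": {"parameters": [
            {"name": "format", "in": "query", "required": True, "schema": {"type": "string"}}]}},
        "/health": {"get": {"security": []}},
    },
}

SAMPLE_VALUES = {"integer": 1, "string": "csv", "boolean": True}

def enumerate_endpoints(spec):
    """Yield (method, url, query, requires_auth) with placeholder values
    filled in for every required parameter (the page's enumeration step)."""
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            url, query = path, {}
            for p in op.get("parameters", []):
                if not p.get("required"):
                    continue
                val = SAMPLE_VALUES.get(p.get("schema", {}).get("type"), "x")
                if p["in"] == "path":
                    url = url.replace("{%s}" % p["name"], str(val))
                elif p["in"] == "query":
                    query[p["name"]] = val
            # operation-level 'security' overrides the document default; [] means public
            requires_auth = bool(op.get("security", spec.get("security", [])))
            yield method.upper(), url, query, requires_auth

def fake_api(method, url, query):
    """Constructed stand-in for the unauthenticated HTTP call: /admin/* forgot its auth check."""
    return 200 if url.startswith("/admin/") or url == "/health" else 401

def find_broken_authz(spec, send=fake_api):
    """Flag operations the spec says need auth but that answer an
    unauthenticated request with anything other than 401/403."""
    findings = []
    for method, url, query, requires_auth in enumerate_endpoints(spec):
        status = send(method, url, query)
        if requires_auth and status not in (401, 403):
            findings.append((method, url, status))
    return findings
```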
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents