Rhino Security Labs

Strategic & Technical Blog

Simplifying API Pentesting With Swagger Files

David Yesland

The current OpenAPI parsing and handling tools are not geared towards pentesting an API. We created Swagger-EZ to make getting up and running with API pentesting faster and less painful. The Github repository is here.
When auditing an API…

AWS Privilege Escalation – Methods and Mitigation

SleuthQL: A SQL Injection Discovery Tool

Authenticated File Read Vulnerability in JasperReports
(CVE-2018-5430)

Hector Monsegur

In dealing with the day to day engagements, Rhino Security Labs’ consultants are introduced a variety of applications deployed in complex enterprise environments.  Our team is often tasked with auditing these production installations for various vulnerabilities. …