Rivudon Raj Tamang, a security researcher and ethical hacker, has published a write-up on hacking Swagger UI, a popular API development tool.
The article, titled “Hacking Swagger UI - 101”, is a step-by-step, hands-on guide that demonstrates how vulnerabilities in Swagger UI can lead to various attack vectors, including DOM XSS, resource injection, account takeovers, and credential harvesting.
Tamang provides links for free access to the full article and to all research and study resources, along with steps to reproduce and proof-of-concept (PoC) code.
The writer emphasizes that the article is for educational purposes only, and that users should always seek permission before testing systems and should hack responsibly.
Tamang also invites readers to connect with him via his LinkedIn profile.
This is part of a growing trend of ethical hackers documenting and sharing their research with the wider world, for educational and protective purposes.