Attack surface management company Intruder Solutions Ltd. has launched AutoSwagger, a free, open-source tool that scans OpenAPI-documented application programming interfaces for broken authorization vulnerabilities. The tool aims to address the growing issue of API-related data breaches, which are up nearly 40% year-over-year. AutoSwagger is the first freely available tool proven effective in detecting dangerous API vulnerabilities. The tool works by identifying API schemas across various formats and locations, searching for OpenAPI and Swagger documentation pages, and parsing the documentation to generate a comprehensive list of endpoints for testing. It then undertakes targeted scans to detect broken authorization vulnerabilities, flags endpoints that return a successful response instead of HTTP 401 or 403 errors, and highlights endpoints where authentication is missing or ineffective. AutoSwagger analyzes any successful responses for signs of exposed sensitive data, such as personally identifiable information, credentials, or internal records.
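The triage step described above, sketched as an added example for checking your own API's scan results; it is not AutoSwagger's code. The OpenAPI fragment, the unauthenticated responses and the two sensitive-data patterns are all constructed for illustration.

```python
import re

# Constructed OpenAPI fragment (not from a real service).
SPEC = {
    "openapi": "3.0.0",
    "paths": {
        "/users/{id}": {"get": {}, "delete": {}, "parameters": []},
        "/health": {"get": {}},
        "/admin/export": {"get": {}},
    },
}

# Constructed results of requests sent without credentials: (status, body).
RESPONSES = {
    ("GET", "/users/{id}"): (200, '{"email": "alice@example.com", "name": "Alice"}'),
    ("DELETE", "/users/{id}"): (401, '{"error": "unauthorized"}'),
    ("GET", "/health"): (200, '{"status": "ok"}'),
    ("GET", "/admin/export"): (403, '{"error": "forbidden"}'),
}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Illustrative patterns only (assumption); a real scanner needs a broader, tuned set.
SENSITIVE = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "credential": re.compile(r'"(password|api_?key|secret|token)"\s*:', re.I),
}

def endpoints(spec):
    """Yield (METHOD, path) per operation, skipping non-method keys such as 'parameters'."""
    for path, item in spec.get("paths", {}).items():
        for key in item:
            if key.lower() in HTTP_METHODS:
                yield key.upper(), path

def triage(spec, responses):
    """Return findings for endpoints that answered 2xx to an unauthenticated request."""
    findings = []
    for op in endpoints(spec):
        if op not in responses:
            continue
        status, body = responses[op]
        if 200 <= status < 300:  # expected 401 or 403 when no credentials are sent
            hits = sorted(n for n, rx in SENSITIVE.items() if rx.search(body))
            findings.append({"endpoint": op, "status": status, "sensitive": hits})
    return findings

if __name__ == "__main__":
    for finding in triage(SPEC, RESPONSES):
        print(finding)
```

A 2xx finding with no sensitive-data hit, such as the health check here, may be an intentionally public endpoint and still needs a human decision.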