Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035498f178394d985667a104a7a4673f2dc7969bf8c51
Public Swagger UI/API detected at path: /swagger/index.html
Sample paths:
GET /APASData/ReturnToAPAS
GET /Admin/GetApplicationSettings
GET /Admin/SyncMetaDatas
GET /CSData/GetStateProvinceList
GET /LoadTesting/GetApplicationSubtotal
GET /LoadTesting/Initialize
GET /LoadTesting/LoadApplicationData
GET /LoadTesting/Update
GET /StopApplication/ReturnToAPAS
POST /APASData/Initialize
POST /APASData/StopApplication
POST /Application/GetApplicationSubtotal
POST /Application/LoadApplicationData
POST /Application/Update
POST /Application/ValidateAlbertaStudentNumber
POST /Application/ValidateAppStatus
POST /Application/ValidateNONSSOApplication
POST /Application/ValidatePromoCode
POST /Application/ValidateSSOApplication
POST /EdTesting/ResubmitApplication
POST /ErrorLog/LogReactError
POST /ExceptionCode/GetExceptionProgram
POST /ExceptionCode/ValidateExceptionCode
POST /Export/ClearCache
POST /Export/ClearCountryStateCache
POST /Export/GetApplicationCS_XML
POST /Export/ProgramData
POST /Export/ResubmitApasAck
POST /Export/ResubmitApplicationCS_XML
POST /Export/SubmitCancelledTransaction
POST /Import/GetActiveStudentDiscount
POST /Import/ProgramData
POST /Import/UpdateActiveStudentDiscount
POST /Payment/CancelTransaction
POST /Payment/CreateTicket
POST /Payment/GetPaymentReceipt
POST /Payment/ProcessCompletedTransaction
POST /Payment/ProcessFreeSubmission
POST /SingleSignOnData/Initialize
POST /StopApplication/LoadApplication
POST /StopApplication/Submit
Open service 52.233.38.143:443 · application.nait.ca
2026-01-23 13:22
HTTP/1.1 200 OK
Content-Length: 792
Connection: close
Content-Type: text/html
Date: Fri, 23 Jan 2026 13:23:13 GMT
Accept-Ranges: bytes
ETag: "1dc609fec9c3a18"
Last-Modified: Fri, 28 Nov 2025 19:48:10 GMT
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:b4eafc4a-8874-4c7c-bbdc-7b8e9c780686
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Page title: NAIT Program Application
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<!-- <link rel="icon" type="image/svg+xml" href="/vite.svg" /> -->
<link
href="https://fonts.googleapis.com/icon?family=Material+Icons"
rel="stylesheet"
/>
<link
href="https://fonts.googleapis.com/icon?family=Material+Icons+Outlined"
rel="stylesheet"
/>
<link rel="icon" type="image/png" size href="/images/nait.png" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>NAIT Program Application</title>
<script type="module" crossorigin src="/assets/index-1f6b3000.js"></script>
<link rel="stylesheet" href="/assets/index-a696e513.css">
</head>
<body>
<div id="root"></div>
</body>
</html>