Project GateKeeper is a modular API security analysis framework designed to combine deterministic API validation with structured security analysis and severity-based risk scoring.
The framework blends traditional QA-style endpoint testing with lightweight security intelligence to identify vulnerabilities, information leakage, misconfigurations, token anomalies, and sensitive data exposure within API responses.
- Endpoint response testing
- HTTP status validation
- Invalid endpoint handling
- Request verification
- Information leakage detection
- Missing security header detection
- Misconfigured header analysis
- Header strength validation
- Unauthorized access detection
- Trust-boundary validation
- Missing authentication analysis
- Protected endpoint awareness
- Contextual trust-boundary validation
- Secure authorization behavior validation scaffolding
- Unauthorized access detection architecture
- JWT structure validation
- Token anomaly detection
- Length and entropy analysis
- Password exposure detection
- Token exposure detection
- Internal field discovery
- Sensitive response analysis
- Weighted severity scoring
- LOW / MEDIUM / HIGH / CRITICAL classification
- Structured findings model
- Severity-aware analysis pipeline
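As an added illustration of the JWT structure validation and token anomaly checks listed above (example code written for this README, not the project's own `token_analysis.py`; the function names, thresholds and sample tokens are assumptions):

```python
import base64
import json
import math
from collections import Counter

def _finding(name: str, severity: str, details: str) -> dict:
    return {"finding": name, "severity": severity, "details": details}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def shannon_entropy(text: str) -> float:
    """Bits per character; an empty or repetitive signature scores near zero."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def analyze_token(token: str, min_length: int = 64, min_entropy: float = 3.5) -> list:
    """Structural and anomaly checks on a token observed in an API response."""
    parts = token.split(".")
    if len(parts) != 3:
        return [_finding("Token Structure", "MEDIUM", f"Expected 3 JWT segments, found {len(parts)}")]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
        if not isinstance(header, dict) or not isinstance(payload, dict):
            raise ValueError("segment is not a JSON object")
    except ValueError:  # bad base64url, bad UTF-8 and bad JSON all raise ValueError subclasses
        return [_finding("Token Structure", "MEDIUM", "Header or payload is not base64url JSON")]
    findings = []
    if str(header.get("alg", "")).lower() == "none" or not parts[2]:
        findings.append(_finding("Token Anomaly", "CRITICAL", "Unsigned JWT (alg=none or empty signature)"))
    if "exp" not in payload:
        findings.append(_finding("Token Anomaly", "HIGH", "No expiry claim (exp): token never expires"))
    if len(token) < min_length:
        findings.append(_finding("Token Anomaly", "MEDIUM", f"Token length {len(token)} below {min_length}"))
    if shannon_entropy(parts[2]) < min_entropy:
        findings.append(_finding("Token Anomaly", "MEDIUM", "Low-entropy signature segment"))
    return findings

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed sample tokens for demonstration (not real credentials).
UNSIGNED_TOKEN = ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url({"sub": "1"}), ""])
SIGNED_TOKEN = ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                         _b64url({"sub": "1", "exp": 1700000000}),
                         "k9Qf2ZpL7xVwC3hN8bR1tYsM4eGjA6uD0oHiXnBvWzEq5lK"])
```

The checks are deliberately independent, so an unsigned, short, expiry-less token yields several findings that the scoring layer can weight separately.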
GateKeeper now includes a centralized operational telemetry system designed to aggregate and summarize API security test execution results.
- Centralized endpoint tracking
- Security score aggregation
- Risk-level classification
- Missing security header analysis
- Information exposure tracking
- Sensitive field detection
- Timeout resilience handling
- Graceful response degradation
- Unified pytest session lifecycle orchestration
- End-of-session operational summaries
```text
========================================
GATEKEEPER OPERATIONAL SUMMARY
========================================
Endpoints Tested: 2
Successful Responses: 2
Failed Responses: 0
Timeouts Detected: 0
Average Security Score: 60
Highest Risk Level: HIGH RISK
Information Exposures: 0
Missing Headers: 12
Sensitive Findings: 0
System Stability: DEGRADED
========================================
```
GateKeeper uses a modular architecture with centralized structured findings generation.
The framework validates not only endpoint availability, but also secure endpoint behavior through trust-boundary analysis and structured security enforcement validation.
```json
{
  "finding": "Information Leakage",
  "severity": "MEDIUM",
  "details": "Server header exposed: cloudflare",
  "why_it_matters": "Exposed infrastructure details may assist reconnaissance efforts.",
  "recommended_actions": [
    "Review reverse proxy header policies",
    "Minimize infrastructure disclosure"
  ],
  "trust_level": "moderate"
}
```

This enables:
- Consistent scoring
- Structured reporting
- Future intelligence-correlation integration
- Scalable detection expansion
- Standardized JSON export support
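An added example, not the project's code, of how header analysis can emit findings in the structured shape shown above and roll them into a weighted score; the severity weights, required-header policy and risk bands are assumptions chosen for this illustration:

```python
import re

# Assumed policy and weights for this example (not the project's own configuration).
SEVERITY_WEIGHT = {"LOW": 5, "MEDIUM": 10, "HIGH": 20, "CRITICAL": 40}
REQUIRED_HEADERS = {
    "content-security-policy": "HIGH",
    "strict-transport-security": "HIGH",
    "x-content-type-options": "MEDIUM",
    "referrer-policy": "LOW",
    "permissions-policy": "LOW",
}
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def make_finding(name, severity, details, why, actions, trust_level="moderate"):
    """Build a finding in the structured shape GateKeeper reports."""
    return {"finding": name, "severity": severity, "details": details,
            "why_it_matters": why, "recommended_actions": actions, "trust_level": trust_level}

def analyze_headers(headers: dict) -> list:
    """Information leakage, missing header and header strength checks on one response."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name in LEAKY_HEADERS:
        if name in h:
            findings.append(make_finding("Information Leakage", "MEDIUM",
                f"{name.title()} header exposed: {h[name]}",
                "Exposed infrastructure details may assist reconnaissance efforts.",
                ["Review reverse proxy header policies", "Minimize infrastructure disclosure"]))
    for name, severity in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append(make_finding("Missing Security Header", severity, f"{name} not set",
                "Browsers cannot enforce a protection the server never declares.", [f"Set {name}"]))
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if m and int(m.group(1)) < 31536000:  # under one year: HTTPS enforcement lapses quickly
        findings.append(make_finding("Misconfigured Header", "LOW", f"HSTS max-age is only {m.group(1)}s",
            "A short max-age weakens HTTPS enforcement.", ["Set max-age to at least one year"]))
    return findings

def security_score(findings: list) -> tuple:
    """Weighted deduction from 100, then a LOW/MEDIUM/HIGH/CRITICAL risk band (bands assumed)."""
    score = max(0, 100 - sum(SEVERITY_WEIGHT[f["severity"]] for f in findings))
    risk = "LOW" if score >= 90 else "MEDIUM" if score >= 70 else "HIGH" if score >= 50 else "CRITICAL"
    return score, risk

# Constructed sample response headers, modelled on the README's Cloudflare example.
SAMPLE_HEADERS = {
    "Server": "cloudflare",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}
```

With these weights the constructed response scores 60 and lands in the HIGH band, matching the operational summary shown earlier.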
GateKeeper originally began as a lightweight API security testing framework focused on endpoint validation and response analysis.
The platform has since evolved into a modular operational telemetry system capable of:
- Aggregating distributed security findings
- Performing runtime risk analysis
- Tracking endpoint stability
- Generating centralized operational summaries
- Supporting scalable future telemetry integrations
This architectural evolution establishes the foundation for future enhancements such as:
- Historical trend analysis
- SIEM integrations
- Dashboard reporting
- Export pipelines
- Threat intelligence correlation
GateKeeper is designed using a graceful degradation philosophy.
When endpoints fail, time out, or return malformed responses, the framework:
- Avoids catastrophic test crashes
- Preserves telemetry collection
- Logs operational instability
- Continues executing remaining security analysis safely
This approach enables resilient security testing even in unstable environments.
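An added sketch, not the project's orchestration code, of how a timeout-resilient test step can feed the session telemetry summarized earlier; the stability rule, the result fields and the fake client functions are assumptions for this illustration:

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class EndpointResult:
    endpoint: str
    outcome: str                  # "ok", "failed" or "timeout"
    status: Optional[int] = None  # None when no response arrived
    score: Optional[int] = None   # None when nothing could be analysed

@dataclass
class Telemetry:
    """Session-wide aggregation of per-endpoint results (shape mirrors the README summary)."""
    results: list = field(default_factory=list)

    def record(self, result: EndpointResult) -> None:
        self.results.append(result)

    def summary(self) -> dict:
        scored = [r.score for r in self.results if r.score is not None]
        timeouts = sum(r.outcome == "timeout" for r in self.results)
        failed = sum(r.outcome == "failed" for r in self.results)
        average = round(sum(scored) / len(scored)) if scored else 0
        # Assumed stability rule: any transport problem or a weak average marks the run DEGRADED.
        stable = not timeouts and not failed and average >= 70
        return {"endpoints_tested": len(self.results),
                "successful_responses": len(self.results) - timeouts - failed,
                "failed_responses": failed, "timeouts_detected": timeouts,
                "average_security_score": average,
                "system_stability": "STABLE" if stable else "DEGRADED"}

def run_safely(telemetry: Telemetry, endpoint: str,
               fetch: Callable[[], int], analyze: Callable[[int], int]) -> Optional[int]:
    """Test one endpoint without letting a timeout or malformed response abort the session."""
    try:
        status = fetch()
    except TimeoutError:
        telemetry.record(EndpointResult(endpoint, "timeout"))
        return None
    except (ConnectionError, ValueError):  # refused connection or unparsable body
        telemetry.record(EndpointResult(endpoint, "failed"))
        return None
    score = analyze(status)
    telemetry.record(EndpointResult(endpoint, "ok", status, score))
    return score

# Constructed stand-ins for the HTTP client: one healthy endpoint, one that times out.
def fake_fetch_ok() -> int: return 200
def fake_fetch_timeout() -> int: raise TimeoutError("no response within 5s")
def fake_analyze(status: int) -> int: return 90 if status == 200 else 40
```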
GateKeeper → Observe
Monolith → Remember
Heimdall → Interpret
Project GateKeeper is evolving toward a cooperative security intelligence ecosystem built around layered responsibilities and explainable security analysis.
- GateKeeper performs endpoint observation, validation, and structured security analysis.
- Monolith serves as the centralized intelligence persistence and contextual memory layer.
- Heimdall acts as the interpretation and adaptive analysis layer, transforming technical findings into contextual human-readable intelligence.
This architecture supports future explainable security intelligence workflows, adaptive analysis, structured trust-aware interpretation, and resilient analysis across heterogeneous API environments.
```text
[SECURITY FINDING] GET /post/1 - Potential information leakage detected:
- [MEDIUM] Server header exposed: cloudflare
----------------------------------------
[FAIL] Missing Security Headers:
- Content-Security-Policy
- Referrer-Policy
- Permissions-Policy
----------------------------------------
[SECURITY SCORE] GET /post/1 → 90/100
```
```text
gatekeeper-api-security-testing/
├── core/
│   ├── client.py
│   ├── orchestration.py
│   └── results.py
│
├── security/
│   ├── security.py
│   ├── token_analysis.py
│   └── scoring.py
│
├── reporting/
│   ├── output.py
│   └── export.py
│
├── config/
│   ├── colors.py
│   ├── settings.py
│   └── protected_endpoints.json
│
├── tests/
│   ├── test_endpoints.py
│   └── token_analysis.py
│
├── docs/
│
├── README.md
├── requirements.txt
├── LICENSE
└── conftest.py
```
```bash
git clone https://github.com/GunSlinger0715/gatekeeper-api-security-testing.git
cd gatekeeper-api-security-testing
pip install -r requirements.txt
pytest -s
```

GateKeeper uses GitHub Actions for automated continuous integration testing.
Every push and pull request to the main branch automatically triggers:
- Dependency installation
- Environment validation
- Automated pytest execution
This ensures the project remains stable, portable, and regression-resistant as the architecture evolves.
From Validation to Intelligence.
From GateKeeper to Heimdall.
Current development priorities include:
- Structured findings architecture
- Severity-based scoring refinement
- Enhanced token anomaly analysis
- Improved reporting and visualization
- CI/CD workflow refinement
- Operational telemetry stabilization
- Resilient execution orchestration
Planned future enhancements include:
- Assisted finding correlation and intelligence aggregation
- Advanced attack pattern recognition
- OWASP API Top 10 expansion
- Enhanced dashboards and reporting
- Config-driven detection rules
- Intelligent anomaly analysis
- Historical telemetry tracking
- SIEM integration support
- Behavioral API analysis pipelines
GateKeeper is designed to evolve beyond lightweight API security testing into a scalable, context-aware security analysis platform capable of adapting to increasingly complex API ecosystems and response behaviors.
Future architectural development will focus on intelligent response analysis, adaptive validation logic, and resilient trust-aware security workflows, including:
- Adaptive response-type detection and schema-aware validation
- Dynamic handling of JSON, HTML, XML, and text-based API responses
- Intelligent response classification and contextual trust-boundary analysis
- Resilient parser routing and graceful handling of unexpected response formats
Future ecosystem development may include behavioral API telemetry analysis, anomaly inspection workflows, and structured intelligence persistence across modular security subsystems.
This project is licensed under the MIT License.
See the LICENSE file for additional details.

