Home
GateKeeper is a modular API security analysis framework designed to evaluate REST endpoints for common security weaknesses. It combines functional validation with structured security analysis to provide actionable insights into API security posture.
The framework performs automated checks for:
- Data exposure
- Information leakage
- Security header integrity
- Header strength validation
- Security posture scoring and reporting
GateKeeper produces both human-readable console output and structured JSON findings for further analysis and future intelligence correlation workflows.
- Identify security misconfigurations in API responses
- Detect potential data exposure and information leakage risks
- Enforce best practices for HTTP security headers
- Provide a standardized security posture scoring model
- Enable extensible structured security testing for future enhancements
GateKeeper follows a layered modular platform architecture designed around specialized security intelligence subsystems, centralized orchestration, structured reporting, and scalable findings analysis pipelines.
Recent architectural evolution introduced centralized orchestration lifecycle handling and operational telemetry aggregation, enabling GateKeeper to evolve from a traditional testing utility into an explainable security intelligence platform.
The platform separates responsibilities into distinct architectural layers, including testing, orchestration, security intelligence, reporting, configuration management, and structured export handling.
- Testing Layer: Executes validation and security test scenarios against API endpoints.
- Core Orchestration Layer: Coordinates request handling, findings aggregation, and subsystem execution flow.
- Security Intelligence Layer: Performs exposure analysis, token analysis, header validation, authorization checks, and risk scoring.
- Reporting Layer: Renders structured findings, security scores, and exportable analysis results.
- Configuration Layer: Centralizes platform settings, environment variables, colors, and protected endpoint configuration.
- Export / Results Layer: Produces structured JSON output for reporting, integrations, and future Heimdall visualization support.
GateKeeper uses a centralized structured findings model to preserve consistent security intelligence across subsystems. Each finding includes:
- finding: classification of the issue
- severity: weighted risk level
- details: contextual evidence and analysis details
This architecture enables:
- Consistent scoring
- Structured reporting
- Subsystem trust propagation
- Scalable detection expansion
- Future intelligence correlation workflows
- tests/: Executes API requests and triggers structured security analysis workflows
- security.py: Contains structured security analysis logic, including:
  - Data exposure analysis
  - Information leakage analysis
  - Security header validation
  - Header strength analysis
  - Trust-boundary validation
- output.py: Handles:
  - Structured findings presentation
  - Security posture scoring
  - Console reporting
  - Summary aggregation
  - JSON export support
Identifies potentially sensitive data returned in API responses.
Detects exposure of internal system details via headers such as:
- Server
- X-Powered-By
Validates presence, configuration, and strength of key security headers:
- Strict-Transport-Security
- X-Frame-Options
- Content-Security-Policy
- Referrer-Policy
- Permissions-Policy
- X-Content-Type-Options
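The following is an added example, not code from the GateKeeper repository, showing how the information leakage and header checks described above can produce findings in the finding/severity/details shape the page defines. The header rule set, the severity assigned to each missing or weak header, and the one-year HSTS threshold are assumptions made for this example; the sample headers are constructed.

```python
import re

# Assumed rule set for this example; GateKeeper's own rules may differ.
LEAKY_HEADERS = ("Server", "X-Powered-By")

# Required header -> severity assigned when it is absent (assumed weights).
REQUIRED_HEADERS = {
    "Strict-Transport-Security": "MEDIUM",
    "Content-Security-Policy": "MEDIUM",
    "X-Frame-Options": "LOW",
    "X-Content-Type-Options": "LOW",
    "Referrer-Policy": "LOW",
    "Permissions-Policy": "LOW",
}

ONE_YEAR = 31536000  # seconds; commonly recommended HSTS minimum


def finding(name, severity, details):
    """Build one structured finding: finding / severity / details."""
    return {"finding": name, "severity": severity, "details": details}


def _normalize(headers):
    """HTTP header names are case-insensitive, so key them by lowercase name."""
    return {k.lower(): v for k, v in headers.items()}


def analyze_leakage(headers):
    """Flag headers that disclose server or framework details."""
    h = _normalize(headers)
    findings = []
    for name in LEAKY_HEADERS:
        value = h.get(name.lower())
        if value:
            findings.append(finding("information_leakage", "LOW",
                                    f"{name} header discloses '{value}'"))
    return findings


def analyze_headers(headers):
    """Check that key security headers are present, then check the strength of those set."""
    h = _normalize(headers)
    findings = []
    for name, severity in REQUIRED_HEADERS.items():
        if name.lower() not in h:
            findings.append(finding("missing_security_header", severity, f"{name} is not set"))

    hsts = h.get("strict-transport-security")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        max_age = int(m.group(1)) if m else 0
        if max_age < ONE_YEAR:
            findings.append(finding("weak_security_header", "MEDIUM",
                                    f"Strict-Transport-Security max-age={max_age} is below one year"))
        if "includesubdomains" not in hsts.lower():
            findings.append(finding("weak_security_header", "LOW",
                                    "Strict-Transport-Security lacks includeSubDomains"))

    xfo = h.get("x-frame-options")
    if xfo and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(finding("weak_security_header", "LOW",
                                f"X-Frame-Options '{xfo}' is not DENY or SAMEORIGIN"))

    csp = h.get("content-security-policy")
    if csp:
        low = csp.lower()
        if "default-src" not in low:
            findings.append(finding("weak_security_header", "MEDIUM",
                                    "Content-Security-Policy has no default-src fallback"))
        if "'unsafe-inline'" in low or "'unsafe-eval'" in low:
            findings.append(finding("weak_security_header", "MEDIUM",
                                    "Content-Security-Policy permits unsafe-inline or unsafe-eval"))

    xcto = h.get("x-content-type-options")
    if xcto and xcto.strip().lower() != "nosniff":
        findings.append(finding("weak_security_header", "LOW",
                                f"X-Content-Type-Options '{xcto}' is not nosniff"))

    rp = h.get("referrer-policy")
    if rp and rp.strip().lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(finding("weak_security_header", "LOW",
                                f"Referrer-Policy '{rp}' sends full URLs cross-origin"))
    return findings


def run_header_analysis(headers):
    """Combined leakage and header findings for one response."""
    return analyze_leakage(headers) + analyze_headers(headers)


# Constructed sample response headers (not captured from any real service).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41",
    "X-Powered-By": "PHP/7.4.3",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "application/json",
}

if __name__ == "__main__":
    for f in run_header_analysis(SAMPLE_HEADERS):
        print(f"[{f['severity']}] {f['finding']}: {f['details']}")
```

Presence and strength are deliberately separate passes: a header that is set but weak (a 300-second HSTS max-age, an X-Frame-Options value browsers ignore) should not be reported as "present and fine".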
Each endpoint is evaluated using a structured security posture scoring model designed to assess overall API security health based on cumulative findings and severity-weighted analysis.
- Starting Score: 100
Deductions are applied based on:
- Structured finding severity
- Information leakage findings
- Missing security headers
- Misconfigured security headers
- Sensitive data exposure findings
- Token anomaly analysis
- Header strength weaknesses
GateKeeper uses severity-weighted scoring to model overall API security posture. Higher scores indicate stronger defensive posture and reduced exposure risk.
| Score Range | Risk Level | Color |
|---|---|---|
| 90-100 | LOW RISK | 🟩 Green |
| 70-89 | MEDIUM RISK | 🟨 Yellow |
| 40-69 | HIGH RISK | 🟧 Orange |
| 0-39 | CRITICAL | 🟥 Red |
GateKeeper currently uses a weighted security posture scoring model based on structured findings severity and endpoint analysis results. Scoring thresholds and risk classifications are actively evolving as the framework architecture matures.
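As an added illustration (not GateKeeper's own scoring code), the following applies the model described above: start at 100, deduct per finding by severity, clamp to the 0-100 range, and map the result onto the risk bands in the table. The per-severity deduction weights are assumptions for this example, since the page states that thresholds and weights are still evolving; the sample findings are constructed.

```python
from collections import Counter

# Assumed deduction per finding severity (the page does not publish GateKeeper's weights).
DEDUCTIONS = {"CRITICAL": 40, "HIGH": 25, "MEDIUM": 10, "LOW": 5}

# Risk bands from the page's table: (lower bound, label, color), highest first.
RISK_BANDS = [
    (90, "LOW RISK", "Green"),
    (70, "MEDIUM RISK", "Yellow"),
    (40, "HIGH RISK", "Orange"),
    (0, "CRITICAL", "Red"),
]

START_SCORE = 100


def score_endpoint(findings, start=START_SCORE):
    """Severity-weighted score: start at 100 and deduct per finding, clamped to [0, start]."""
    score = start
    for f in findings:
        score -= DEDUCTIONS.get(str(f.get("severity", "")).upper(), 0)
    return max(0, min(start, score))


def classify(score):
    """Map a score onto the risk band whose lower bound it meets."""
    for floor, label, _color in RISK_BANDS:
        if score >= floor:
            return label
    return "CRITICAL"


def posture_report(findings):
    """Score, risk label, color and severity breakdown for one endpoint."""
    score = score_endpoint(findings)
    label = classify(score)
    color = next(c for _f, l, c in RISK_BANDS if l == label)
    by_severity = dict(Counter(str(f["severity"]).upper() for f in findings))
    return {"score": score, "risk": label, "color": color, "by_severity": by_severity}


# Constructed findings for one endpoint (two MEDIUM, three LOW).
SAMPLE_FINDINGS = [
    {"finding": "missing_security_header", "severity": "MEDIUM", "details": "Content-Security-Policy is not set"},
    {"finding": "weak_security_header", "severity": "MEDIUM", "details": "HSTS max-age below one year"},
    {"finding": "information_leakage", "severity": "LOW", "details": "Server header discloses version"},
    {"finding": "missing_security_header", "severity": "LOW", "details": "Referrer-Policy is not set"},
    {"finding": "missing_security_header", "severity": "LOW", "details": "Permissions-Policy is not set"},
]

if __name__ == "__main__":
    print(posture_report(SAMPLE_FINDINGS))
```

Clamping matters at the low end: a handful of CRITICAL findings would otherwise drive the score negative and break the band lookup, so the report floors at 0 (CRITICAL) rather than reporting a meaningless negative number.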
GateKeeper now includes a centralized operational telemetry system designed to aggregate, summarize, and evaluate API security execution behavior across test runs.
The telemetry engine enables GateKeeper to transition from isolated endpoint validation into platform-level operational intelligence and execution-state awareness.
- Centralized execution aggregation
- Endpoint execution tracking
- Success / failure telemetry
- Timeout detection and resilience tracking
- Security score aggregation
- Risk-level classification aggregation
- System stability evaluation
- Structured operational reporting
GateKeeper now produces a centralized operational execution summary at the conclusion of security analysis workflows. This allows operators to evaluate overall platform execution health rather than relying solely on isolated endpoint findings.
The telemetry architecture is designed to support future behavioral analysis, historical correlation, execution baselining, and Heimdall visualization workflows.
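To make the telemetry description concrete, here is an added example (not the project's telemetry engine) that aggregates per-endpoint execution records into the kind of operational summary listed above: success/failure/timeout counts, score and risk-level aggregation, the weakest endpoint, and a stability verdict. The stability thresholds and the record layout are assumptions for this example; the run records are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class EndpointRun:
    """One endpoint execution record (assumed layout for this example)."""
    endpoint: str
    status: str                      # "success", "failure" or "timeout"
    score: Optional[int] = None      # posture score when the run completed
    risk: Optional[str] = None       # risk label from the scoring table
    duration_ms: float = 0.0


# Assumed stability thresholds on the share of failed or timed-out runs.
STABLE_MAX = 0.10
DEGRADED_MAX = 0.50


def summarize(runs: List[EndpointRun]):
    """Aggregate execution telemetry for a whole test run."""
    total = len(runs)
    if total == 0:
        return {"total": 0, "stability": "NO DATA"}

    by_status = dict(Counter(r.status for r in runs))
    scored = [r for r in runs if r.score is not None]
    by_risk = dict(Counter(r.risk for r in runs if r.risk))

    unhealthy = by_status.get("failure", 0) + by_status.get("timeout", 0)
    unhealthy_rate = unhealthy / total
    if unhealthy_rate <= STABLE_MAX:
        stability = "STABLE"
    elif unhealthy_rate <= DEGRADED_MAX:
        stability = "DEGRADED"
    else:
        stability = "UNSTABLE"

    weakest = min(scored, key=lambda r: r.score) if scored else None
    return {
        "total": total,
        "by_status": by_status,
        "unhealthy_rate": round(unhealthy_rate, 2),
        "average_score": round(sum(r.score for r in scored) / len(scored), 1) if scored else None,
        "lowest": (weakest.endpoint, weakest.score) if weakest else None,
        "by_risk": by_risk,
        "slowest_ms": max(r.duration_ms for r in runs),
        "stability": stability,
    }


# Constructed run records (no real endpoints were exercised).
SAMPLE_RUNS = [
    EndpointRun("/api/health", "success", 95, "LOW RISK", 12.0),
    EndpointRun("/api/users", "success", 65, "HIGH RISK", 48.0),
    EndpointRun("/api/admin/users", "success", 30, "CRITICAL", 51.0),
    EndpointRun("/api/orders", "failure", None, None, 20.0),
    EndpointRun("/api/reports", "timeout", None, None, 5000.0),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RUNS).items():
        print(f"{key}: {value}")
```

Runs that failed or timed out carry no score, so they are excluded from the average rather than counted as zero; otherwise a flaky endpoint would masquerade as a critically insecure one, and the stability verdict already captures that failure separately.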
Structured findings presentation:
- ✅ Green: LOW RISK
- ⚠️ Yellow: MEDIUM RISK
- 🟧 Orange: HIGH RISK
- ❌ Red: CRITICAL
GateKeeper exports structured operational telemetry and security analysis data for automation, auditing, orchestration workflows, and future intelligence-driven analysis pipelines.
Example:
The export architecture now supports centralized operational summary metrics, risk aggregation, and future execution-state intelligence workflows.
- Endpoint validation
- Basic response handling
- Security header integrity checks
- Header strength validation
- Information leakage analysis
- Structured findings architecture
- Security posture scoring
- Console reporting
- JSON export
- GitHub Actions CI integration
- Email addresses
- Password fields
- Authentication tokens
- Social Security Numbers (SSNs)
Priority: High
Dependency: Builds on structured findings and analysis workflows
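The planned data exposure checks above (email addresses, password fields, authentication tokens, SSNs) can be illustrated with this added example, which is not GateKeeper's implementation. It walks a parsed JSON response body, matches values against patterns, flags secret-like field names, and records only a masked form of each match in the finding details so that the findings file itself does not become a second copy of the exposed data. The patterns, field-name list and severities are assumptions for this example; the response body is constructed.

```python
import json
import re

# Assumed patterns for this example (not GateKeeper's rule set): name -> (regex, severity).
PATTERNS = {
    "email_exposure": (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "MEDIUM"),
    "ssn_exposure": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "HIGH"),
    # Three base64url segments starting with "eyJ" is the usual shape of a JWT.
    "token_exposure": (re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+\b"), "HIGH"),
}

# Field names that should never appear with a value in an API response (assumed list).
SECRET_KEYS = ("password", "passwd", "secret", "api_key", "apikey", "token")


def finding(name, severity, details):
    """Build one structured finding: finding / severity / details."""
    return {"finding": name, "severity": severity, "details": details}


def mask(value):
    """Keep only a short prefix so the finding never stores the sensitive value."""
    s = str(value)
    return f"{s[:2]}*** ({len(s)} chars)"


def walk(node, path=""):
    """Yield (json_path, leaf_value) pairs for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node


def analyze_exposure(body):
    """Return findings for sensitive fields and sensitive patterns in a parsed response body."""
    findings = []
    for path, value in walk(body):
        if not isinstance(value, str) or not value:
            continue
        key = path.rsplit(".", 1)[-1].lower()
        if any(s in key for s in SECRET_KEYS):
            findings.append(finding("sensitive_field_exposure", "HIGH",
                                    f"{path} returns a secret-like field (value {mask(value)})"))
            continue  # already reported; do not double-count a pattern hit on the same value
        for name, (pattern, severity) in PATTERNS.items():
            for match in pattern.finditer(value):
                findings.append(finding(name, severity,
                                        f"{path} contains {mask(match.group(0))}"))
    return findings


def analyze_response_text(text):
    """Accept raw response text: parse JSON if possible, else scan it as one string."""
    try:
        body = json.loads(text)
    except ValueError:
        body = {"body": text}
    return analyze_exposure(body)


# Constructed response body (fake user, fake secret, fake JWT, fake SSN).
SAMPLE_BODY = {
    "user": {"id": 42, "email": "alice@example.com", "password": "hunter2"},
    "session": {"token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl"},
    "debug": "auth header was Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl",
    "notes": "contact 123-45-6789 for billing",
}

if __name__ == "__main__":
    for f in analyze_exposure(SAMPLE_BODY):
        print(f"[{f['severity']}] {f['finding']}: {f['details']}")
```

The JSON path in each finding is what an operator needs to locate the leak in the schema; the value itself is not, which is why the details carry a masked form only.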
- HTML report generation (visual dashboard)
- CI/CD workflow refinement and regression validation
- Authentication and authorization testing
- Historical result tracking
- Custom rule engine
- Assisted finding correlation and intelligence aggregation
- Behavioral API telemetry analysis
- Operational telemetry dashboards
- Execution history correlation
- Behavioral anomaly detection
- Heimdall visualization engine
- Platform-wide execution baselining
- Adaptive risk intelligence modeling