Architecture
Project GateKeeper is a modular API security analysis and operational telemetry framework designed to combine deterministic security validation, structured risk analysis, orchestration lifecycle awareness, and extensible intelligence-driven detection capabilities.
The framework blends traditional API testing methodologies with lightweight security analysis to identify vulnerabilities, misconfigurations, information leakage, and sensitive data exposure within API responses.
GateKeeper follows a layered modular architecture that separates endpoint execution, security intelligence, orchestration lifecycle management, operational telemetry aggregation, reporting, and configuration management into specialized platform subsystems.
```text
Endpoint Execution
        ↓
Response Intelligence Analysis
        ↓
Structured Findings Generation
        ↓
Security Posture Scoring
        ↓
Operational Telemetry Aggregation
        ↓
Structured Reporting & Serialization
        ↓
Terminal Output / Intelligence Rendering
```
GateKeeper now includes centralized operational telemetry orchestration designed to aggregate execution-state intelligence across security analysis workflows.
The telemetry subsystem enables GateKeeper to evaluate not only isolated endpoint findings, but also platform-wide operational behavior including execution stability, timeout resilience, aggregated risk posture, and security scoring trends.
- Endpoint execution aggregation
- Success / failure classification
- Timeout tracking
- Security score aggregation
- Risk-level correlation
- Stability classification
- Structured operational reporting
- Future execution-state intelligence expansion
This architecture establishes the foundation for future behavioral analysis, historical telemetry correlation, anomaly detection, execution baselining, and Heimdall operational visualization workflows.
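The following is an added example of what the telemetry aggregation described above looks like in code. It is not GateKeeper's own `output.py`; the record shape, the success rule (a completed request below 5xx, so 4xx responses still count as analysable) and the stability thresholds are assumptions chosen for illustration, and the sample run is constructed, not a real capture.

```python
from dataclasses import dataclass
from typing import Optional

RISK_ORDER = ("NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL")


@dataclass(frozen=True)
class ExecutionRecord:
    """One endpoint execution as a telemetry layer would receive it (assumed shape)."""
    endpoint: str
    status_code: Optional[int]      # None when no response came back (timeout, connection error)
    elapsed_ms: float
    timed_out: bool
    security_score: Optional[int]   # per-endpoint posture score 0-100; None if nothing was analysed
    risk_level: str                 # one of RISK_ORDER


def is_success(rec):
    # Success = the request completed and the server answered below 5xx.
    # A 4xx is still a valid, analysable response for security purposes.
    return not rec.timed_out and rec.status_code is not None and rec.status_code < 500


def classify_stability(total, failed, timeouts):
    """Hypothetical thresholds, not GateKeeper's published values."""
    if total == 0:
        return "UNKNOWN"
    if failed / total >= 0.5 or timeouts / total >= 0.25:
        return "UNSTABLE"
    if failed / total > 0.2:
        return "DEGRADED"
    return "STABLE"


def aggregate(records):
    """Roll per-endpoint results up into a platform-wide operational summary."""
    total = len(records)
    succeeded = sum(1 for r in records if is_success(r))
    failed = total - succeeded
    timeouts = sum(1 for r in records if r.timed_out)
    scored = [r.security_score for r in records if r.security_score is not None]
    mean_score = round(sum(scored) / len(scored), 1) if scored else None
    worst = max((r.risk_level for r in records), key=RISK_ORDER.index, default="NONE")
    risk_counts = {lvl: sum(1 for r in records if r.risk_level == lvl) for lvl in RISK_ORDER}
    # Risk-level correlation: endpoints that both failed and carry HIGH or worse risk
    # are the ones an operator should look at first.
    failed_high_risk = [
        r.endpoint for r in records
        if not is_success(r) and RISK_ORDER.index(r.risk_level) >= RISK_ORDER.index("HIGH")
    ]
    return {
        "total": total,
        "succeeded": succeeded,
        "failed": failed,
        "timeouts": timeouts,
        "mean_security_score": mean_score,
        "worst_risk": worst,
        "risk_counts": risk_counts,
        "failed_high_risk_endpoints": failed_high_risk,
        "stability": classify_stability(total, failed, timeouts),
    }


# Constructed sample run against HTTPBin-style paths; the numbers are made up.
SAMPLE_RUN = [
    ExecutionRecord("/get", 200, 120.0, False, 92, "MEDIUM"),
    ExecutionRecord("/json", 200, 98.0, False, 96, "LOW"),
    ExecutionRecord("/status/500", 500, 140.0, False, 60, "HIGH"),
    ExecutionRecord("/delay/10", None, 5000.0, True, None, "NONE"),
    ExecutionRecord("/anything", 200, 110.0, False, 88, "MEDIUM"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(aggregate(SAMPLE_RUN), indent=2))
```

Keeping the summary as a plain dictionary means it serialises directly into the JSON export and can later be diffed against an earlier run for the historical correlation the roadmap mentions.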
GateKeeper is evolving toward centralized intelligence orchestration, allowing multiple security analysis subsystems to contribute normalized findings into a unified reporting and scoring pipeline.
GateKeeper standardizes security detections using a centralized structured findings model:

```json
{
  "finding": "Information Leakage",
  "severity": "MEDIUM",
  "details": "Server header exposed: cloudflare"
}
```

This architecture enables:
- Centralized severity scoring
- Consistent reporting output
- Structured JSON exports
- Future assisted-analysis integration
- Scalable detection expansion
GateKeeper weights structured findings by severity to calculate an overall API security posture score and to drive reporting.
| Severity | Description |
|---|---|
| LOW | Minor security concerns |
| MEDIUM | Moderate risk findings present |
| HIGH | Significant security weaknesses detected |
| CRITICAL | Severe exposure or exploitation risk |
Risk scores are dynamically calculated based on structured finding severity and detection frequency.
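An added example of the findings model and the weighted scoring described above, written for this page rather than taken from GateKeeper's `security.py` or `output.py`. The page does not publish its weights or its exact formula, so the numeric weights and the frequency rule (the n-th repeat of the same finding type costs weight/n) are assumptions; the sample findings are constructed.

```python
import json
from dataclasses import dataclass
from enum import Enum


class Severity(str, Enum):
    LOW = "LOW"
    MEDIUM = "MEDIUM"
    HIGH = "HIGH"
    CRITICAL = "CRITICAL"


# Hypothetical weights; the page says scoring is weighted but gives no numbers.
SEVERITY_WEIGHT = {Severity.LOW: 2, Severity.MEDIUM: 4, Severity.HIGH: 8, Severity.CRITICAL: 16}


@dataclass(frozen=True)
class Finding:
    """Mirrors the page's {"finding", "severity", "details"} JSON shape."""
    finding: str
    severity: Severity
    details: str

    def to_dict(self):
        return {"finding": self.finding, "severity": self.severity.value, "details": self.details}


def posture_score(findings, max_score=100):
    """Start from max_score and subtract one penalty per finding.

    Frequency-aware (an assumption about how 'detection frequency' feeds the score):
    the n-th repeat of the same finding type costs weight/n, so twenty identical LOW
    leaks still count, but cannot outweigh a single CRITICAL exposure.
    """
    penalty = 0.0
    repeats = {}
    for f in findings:
        n = repeats.get(f.finding, 0) + 1
        repeats[f.finding] = n
        penalty += SEVERITY_WEIGHT[f.severity] / n
    return max(0, int(round(max_score - penalty)))


def risk_level(findings):
    """Overall risk is the worst severity present, 'NONE' when nothing was found."""
    if not findings:
        return "NONE"
    return max(findings, key=lambda f: SEVERITY_WEIGHT[f.severity]).severity.value


def export_findings(findings):
    """Structured JSON export in the page's finding shape."""
    return json.dumps([f.to_dict() for f in findings], indent=2)


# Constructed sample, not output from a real scan.
SAMPLE_FINDINGS = [
    Finding("Information Leakage", Severity.MEDIUM, "Server header exposed: cloudflare"),
    Finding("Information Leakage", Severity.MEDIUM, "X-Powered-By header exposed: Express"),
    Finding("Missing Security Header", Severity.LOW, "Strict-Transport-Security absent"),
]

if __name__ == "__main__":
    print(export_findings(SAMPLE_FINDINGS))
    print("score:", posture_score(SAMPLE_FINDINGS), "risk:", risk_level(SAMPLE_FINDINGS))
```

Because every detector emits the same `Finding` shape, a new module only has to return a list of findings; scoring, risk classification and export need no changes, which is the scalability point the list above is making.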
| Module | Responsibility |
|---|---|
| security.py | Security intelligence orchestration: exposure analysis, header validation, authorization analysis, and structured findings generation |
| output.py | Operational telemetry orchestration, structured findings rendering, posture scoring, lifecycle reporting, and export coordination |
| token_analysis.py | Token intelligence subsystem: JWT validation, entropy analysis, token classification, and anomaly detection |
| test_endpoints.py | Endpoint execution orchestration and response lifecycle validation |
- Endpoint testing
- HTTP response validation
- Expected/invalid endpoint handling
- Server header exposure
- X-Powered-By detection
- Header disclosure analysis
- Missing security header detection
- Misconfigured header analysis
- Header strength validation
- JWT structure validation
- Token anomaly detection
- Length and entropy analysis
- Password detection
- Token exposure detection
- Internal field discovery
- Sensitive response analysis
- Protected endpoint classification
- Contextual authorization validation scaffolding
- Secure trust-boundary evaluation
- Unauthorized access detection architecture
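An added example covering two of the capability groups listed above: header disclosure / missing and misconfigured security header analysis, and JWT structure, anomaly and entropy checks. It is illustration code written for this page, not the contents of `security.py` or `token_analysis.py`; the header lists, the HSTS and entropy thresholds and the sensitive-claim names are assumptions, and the sample headers and token are constructed.

```python
import base64
import json
import math
import re
from collections import Counter

# Assumed header sets; extend to match the target stack.
DISCLOSURE_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")
REQUIRED_SECURITY_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                             "X-Content-Type-Options", "X-Frame-Options")
MIN_HSTS_MAX_AGE = 15552000  # 180 days, an assumed minimum


def finding(name, severity, details):
    return {"finding": name, "severity": severity, "details": details}


def analyze_headers(headers):
    """Header disclosure, missing security headers and weak header values."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    out = []
    for name in DISCLOSURE_HEADERS:
        value = h.get(name.lower())
        if value:
            out.append(finding("Information Leakage", "MEDIUM", f"{name} header exposed: {value}"))
    for name in REQUIRED_SECURITY_HEADERS:
        if name.lower() not in h:
            out.append(finding("Missing Security Header", "LOW", f"{name} absent"))
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    if hsts and (not m or int(m.group(1)) < MIN_HSTS_MAX_AGE):
        out.append(finding("Misconfigured Security Header", "LOW",
                           f"Strict-Transport-Security max-age missing or too low: {hsts}"))
    if h.get("x-content-type-options", "nosniff").strip().lower() != "nosniff":
        out.append(finding("Misconfigured Security Header", "LOW",
                           "X-Content-Type-Options is present but not 'nosniff'"))
    return out


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def shannon_entropy(s):
    """Bits per character; ~3 or lower on a short token is a weak sign (assumed threshold)."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def analyze_token(token):
    """JWT structure/anomaly checks; non-JWT (opaque) tokens get a length/entropy check."""
    out = []
    parts = token.split(".")
    if len(parts) != 3:
        ent = shannon_entropy(token) if token else 0.0
        if len(token) < 16 or ent < 3.0:
            out.append(finding("Weak Token", "HIGH",
                               f"opaque token: length {len(token)}, entropy {ent:.2f} bits/char"))
        return out
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # binascii.Error, JSONDecodeError and UnicodeDecodeError all subclass ValueError
        return [finding("Malformed JWT", "MEDIUM", "header or payload is not base64url-encoded JSON")]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return [finding("Malformed JWT", "MEDIUM", "header or payload is not a JSON object")]
    if str(header.get("alg", "")).lower() == "none" or not parts[2]:
        out.append(finding("Token Anomaly", "CRITICAL", "JWT uses alg=none or carries an empty signature"))
    if "exp" not in payload:
        out.append(finding("Token Anomaly", "MEDIUM", "JWT has no exp claim"))
    for claim in ("password", "passwd", "secret"):
        if claim in payload:
            out.append(finding("Sensitive Data Exposure", "HIGH", f"JWT payload carries a '{claim}' claim"))
    return out


def _unsigned_jwt(header, payload):
    """Builds a deliberately bad token (alg=none, empty signature) as sample input."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc(header)}.{enc(payload)}."


# Constructed samples, not captured from a live service.
SAMPLE_HEADERS = {"Server": "cloudflare", "X-Powered-By": "Express",
                  "Content-Type": "application/json", "Strict-Transport-Security": "max-age=3600"}
SAMPLE_JWT = _unsigned_jwt({"alg": "none", "typ": "JWT"}, {"sub": "alice", "password": "hunter2"})

if __name__ == "__main__":
    print(json.dumps(analyze_headers(SAMPLE_HEADERS) + analyze_token(SAMPLE_JWT), indent=2))
```

Both analyzers return the same finding dictionaries, so their output can be fed straight into the scoring and export pipeline described earlier; the JWT checks only inspect structure and claims and never attempt to verify a signature, which needs the issuer's key and belongs to a different step.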
GateKeeper includes trust-boundary validation capabilities designed to identify endpoints that improperly allow unauthorized access.
Current capabilities include:
- Unauthorized access detection
- Missing authentication analysis
- HIGH severity structured findings generation
This architecture establishes the foundation for future:
- Role-based access validation
- Behavioral access analysis
- Adversarial API security testing
- Future trust-aware analysis expansion (Heimdall roadmap)
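An added example of the unauthorized-access and missing-authentication checks described above, written for this page rather than taken from GateKeeper. It assumes each endpoint has already been classified as protected or public and that the executor probed it once without credentials (and optionally once with them); the redirect-to-login heuristic, the treatment of 404 as "hidden from anonymous callers" and the sample probes are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

REDIRECT_CODES = {301, 302, 303, 307, 308}
LOGIN_MARKERS = ("login", "signin", "auth")   # heuristic for "redirected to an auth page"


@dataclass(frozen=True)
class AccessProbe:
    """Outcome of requesting one endpoint with and without credentials (assumed shape)."""
    endpoint: str
    protected: bool                         # classified as protected by route metadata / config
    unauth_status: int                      # status for the request sent with no credentials
    unauth_location: Optional[str] = None   # Location header if the anonymous request redirected
    auth_status: Optional[int] = None       # status for the authenticated request, when probed


def evaluate_trust_boundary(probe):
    """Return a structured finding when the boundary is not enforced, else None."""
    if not probe.protected:
        return None                          # public endpoint: anonymous access is expected
    s = probe.unauth_status
    if s in (401, 403):
        return None                          # boundary enforced
    if s == 404:
        return None                          # resource hidden from anonymous callers; treated as enforced
    if s in REDIRECT_CODES:
        target = (probe.unauth_location or "").lower()
        if any(marker in target for marker in LOGIN_MARKERS):
            return None                      # bounced to a login page: acceptable
        return {"finding": "Unverified Authentication Redirect", "severity": "MEDIUM",
                "details": f"{probe.endpoint} redirected an anonymous request to {probe.unauth_location!r}"}
    if 200 <= s < 300:
        details = f"{probe.endpoint} returned {s} without credentials"
        if probe.auth_status == s:
            details += " (same status as the authenticated request)"
        return {"finding": "Unauthorized Access", "severity": "HIGH", "details": details}
    return {"finding": "Ambiguous Authentication Response", "severity": "LOW",
            "details": f"{probe.endpoint} answered {s} to an anonymous request; verify manually"}


def run_access_checks(probes):
    """Evaluate every probe and keep only the endpoints that produced a finding."""
    return [f for f in (evaluate_trust_boundary(p) for p in probes) if f]


# Constructed probes, not results from a real target.
SAMPLE_PROBES = [
    AccessProbe("/admin/users", True, 200, None, 200),
    AccessProbe("/me", True, 401),
    AccessProbe("/dashboard", True, 302, "/login?next=/dashboard"),
    AccessProbe("/reports", True, 302, "/reports/"),
    AccessProbe("/health", False, 200),
    AccessProbe("/internal", True, 404),
]

if __name__ == "__main__":
    for f in run_access_checks(SAMPLE_PROBES):
        print(f["severity"], f["finding"], "-", f["details"])
```

The probe that carries both an anonymous and an authenticated status is the useful one: a protected route answering 200 to both is a missing-authentication finding, whereas a 200 only to the anonymous call may be a different route entirely and deserves a look before it is scored HIGH.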
GateKeeper’s transition from placeholder API environments to HTTPBin introduced a major architectural evolution in how the framework processes and validates endpoint responses.
Early GateKeeper testing relied on environments such as JSONPlaceholder and DummyJSON, which provided predictable JSON schemas and simplified endpoint behavior. These environments were effective for establishing foundational capabilities such as endpoint validation, structured findings generation, security scoring, and response analysis workflows.
As GateKeeper evolved toward contextual trust-boundary validation and more realistic response behavior analysis, the framework was migrated to HTTPBin.
The HTTPBin integration effort revealed an important architectural limitation within the original validation logic.
GateKeeper initially assumed that all endpoint responses would follow similar JSON schema structures. Earlier functional assertions expected response objects to contain predefined keys such as:

```python
assert data["id"] == 1
```

However, HTTPBin returned an entirely different JSON structure:

```json
{
  "slideshow": {
    ...
  }
}
```

This discovery highlighted the need for schema-aware validation and adaptive response intelligence within the framework.
The platform was subsequently refined to validate actual expected response structures instead of relying on hardcoded placeholder API assumptions.
Updated validation logic evolved toward:

```python
assert "slideshow" in data
```

This architectural milestone introduced several important long-term design considerations for GateKeeper, including:
- Schema-aware endpoint validation
- Dynamic response structure handling
- Adaptive parser logic
- Content-type awareness
- Trust-aware response classification
- Graceful handling of unexpected response formats
Future GateKeeper development will continue evolving toward intelligent response analysis capable of dynamically identifying and handling:
- JSON responses
- HTML responses
- Plain-text responses
- XML responses
- Redirect behavior
- Unsupported or anomalous content types
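An added example of the content-type-aware classification and schema-aware validation discussed in this section, covering the JSON, HTML, plain-text, XML, redirect and unsupported cases listed above in one place. It is written for this page and is not GateKeeper's parser; the `Response` stand-in replaces a real HTTP client object so the block runs offline, and the sample bodies are constructed to resemble HTTPBin and JSONPlaceholder responses rather than captured from them.

```python
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    """Minimal stand-in for an HTTP client response (assumed shape)."""
    status_code: int
    headers: dict
    text: str


def _header(resp, name):
    for k, v in resp.headers.items():
        if k.lower() == name.lower():
            return v
    return None


def classify_response(resp):
    """Return (kind, parsed_body); kind is json, html, xml, text, redirect or unsupported."""
    if 300 <= resp.status_code < 400:
        return "redirect", {"location": _header(resp, "Location")}
    ctype = (_header(resp, "Content-Type") or "").split(";")[0].strip().lower()
    body = resp.text
    if ctype == "application/json" or ctype.endswith("+json"):
        try:
            return "json", json.loads(body)
        except json.JSONDecodeError:
            return "unsupported", {"reason": "declared JSON but the body does not parse"}
    if ctype in ("text/html", "application/xhtml+xml"):
        return "html", body
    if ctype in ("application/xml", "text/xml") or ctype.endswith("+xml"):
        # Untrusted XML: in production parse with defusedxml to avoid entity-expansion attacks.
        try:
            return "xml", ET.fromstring(body)
        except ET.ParseError:
            return "unsupported", {"reason": "declared XML but the body does not parse"}
    if ctype.startswith("text/"):
        return "text", body
    if ctype == "":
        # Some placeholder APIs omit Content-Type; sniff JSON, otherwise treat as text.
        try:
            return "json", json.loads(body)
        except json.JSONDecodeError:
            return "text", body
    return "unsupported", {"content_type": ctype}


def validate_schema(resp, expected_keys):
    """Schema-aware check: the keys a given endpoint is expected to return, not a global 'id'."""
    kind, parsed = classify_response(resp)
    if kind != "json":
        return False, f"expected JSON, got {kind}"
    if not isinstance(parsed, dict):
        return False, "JSON body is not an object"
    missing = [k for k in expected_keys if k not in parsed]
    return (not missing), ("ok" if not missing else f"missing keys: {missing}")


# Constructed samples shaped like HTTPBin / JSONPlaceholder responses.
HTTPBIN_JSON = Response(200, {"Content-Type": "application/json"},
                        '{"slideshow": {"title": "Sample Slide Show", "slides": []}}')
PLACEHOLDER_POST = Response(200, {"Content-Type": "application/json; charset=utf-8"},
                            '{"userId": 1, "id": 1, "title": "example"}')
HTTPBIN_HTML = Response(200, {"Content-Type": "text/html; charset=utf-8"},
                        "<html><body><h1>Herman Melville</h1></body></html>")
HTTPBIN_REDIRECT = Response(302, {"Location": "/get"}, "")
HTTPBIN_ROBOTS = Response(200, {"Content-Type": "text/plain"}, "User-agent: *\nDisallow: /deny\n")
HTTPBIN_XML = Response(200, {"Content-Type": "application/xml"},
                       "<slideshow title='Sample'><slide/></slideshow>")
HTTPBIN_PNG = Response(200, {"Content-Type": "image/png"}, "\x89PNG binary omitted")
BAD_JSON = Response(200, {"Content-Type": "application/json"}, "{not json")

if __name__ == "__main__":
    for name, r in [("json", HTTPBIN_JSON), ("post", PLACEHOLDER_POST), ("html", HTTPBIN_HTML),
                    ("redirect", HTTPBIN_REDIRECT), ("png", HTTPBIN_PNG)]:
        print(name, "->", classify_response(r)[0])
    print(validate_schema(HTTPBIN_JSON, ["slideshow"]), validate_schema(HTTPBIN_JSON, ["id"]))
```

Per-endpoint expected keys live with the endpoint definition, so the old `assert data["id"] == 1` becomes `validate_schema(resp, ["id"])` for JSONPlaceholder and `validate_schema(resp, ["slideshow"])` for HTTPBin without changing the parser.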
This progression reflects GateKeeper’s ongoing evolution from basic endpoint validation toward resilient, context-aware API security analysis architecture.
Planned future enhancements include:
- Assisted finding correlation and intelligence aggregation
- Advanced attack pattern recognition
- OWASP API Top 10 coverage expansion
- Enhanced reporting dashboards
- CI/CD integration pipelines
- Config-driven rule management
- Intelligent anomaly detection
- Operational telemetry dashboards
- Historical execution correlation
- Behavioral anomaly detection
- Execution-state baselining
- Heimdall operational visualization engine
- Adaptive orchestration intelligence
GateKeeper is designed to evolve beyond lightweight API security testing into a scalable intelligent security analysis platform capable of combining deterministic validation with future-assisted security correlation and adaptive analysis workflows.