# Project GateKeeper
Project GateKeeper is a modular API security analysis framework designed to combine deterministic API validation with structured security analysis and severity-based risk scoring.
The framework blends traditional QA-style endpoint testing with lightweight security intelligence to identify vulnerabilities, information leakage, misconfigurations, token anomalies, and sensitive data exposure within API responses.
# Features
## API Validation
- Endpoint response testing
- HTTP status validation
- Invalid endpoint handling
- Request verification
## Security Analysis
- Information leakage detection
- Missing security header detection
- Misconfigured header analysis
- Header strength validation
- Unauthorized access detection
- Trust-boundary validation
- Missing authentication analysis
## Authorization Validation
- Protected endpoint awareness
- Contextual trust-boundary validation
- Secure authorization behavior validation scaffolding
- Unauthorized access detection architecture
## Token Analysis
- JWT structure validation
- Token anomaly detection
- Length and entropy analysis
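The structure, length and entropy checks listed above, worked through as an added example (this is not GateKeeper's own `token_analysis.py`); the severity labels, thresholds, anomaly messages and sample tokens are all assumptions:

```python
import base64
import json
import math
from collections import Counter

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def shannon_entropy(token: str) -> float:
    """Bits per character; a random secret over a large alphabet scores well above 4."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())

def analyze_token(token: str, min_length: int = 32, min_entropy: float = 3.5) -> list:
    """Return (severity, message) anomalies; an empty list means nothing suspicious."""
    anomalies = []
    parts = token.split(".")
    if len(parts) == 3:  # JWS compact form: header.payload.signature
        try:
            header, payload = (json.loads(_b64url_decode(p)) for p in parts[:2])
        except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
            return [("HIGH", "Malformed JWT: header or payload is not base64url-encoded JSON")]
        if not isinstance(header, dict) or not isinstance(payload, dict):
            return [("HIGH", "Malformed JWT: header or payload is not a JSON object")]
        if str(header.get("alg", "")).lower() == "none" or not parts[2]:
            anomalies.append(("CRITICAL", "JWT is unsigned (alg=none or empty signature)"))
        if "exp" not in payload:
            anomalies.append(("MEDIUM", "JWT carries no exp claim"))
        return anomalies
    # Opaque (non-JWT) token: judge it by length and entropy; thresholds are assumed
    if len(token) < min_length:
        anomalies.append(("MEDIUM", f"Token shorter than {min_length} characters"))
    if shannon_entropy(token) < min_entropy:
        anomalies.append(("HIGH", "Token entropy too low for a randomly generated secret"))
    return anomalies

def _make_jwt(header: dict, payload: dict, signature: str) -> str:
    """Assemble a constructed sample token; no real signing takes place."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc(header)}.{enc(payload)}.{signature}"

# Constructed sample inputs, not tokens captured from any real service.
SAMPLE_UNSIGNED = _make_jwt({"alg": "none", "typ": "JWT"}, {"sub": "1"}, "")
SAMPLE_SIGNED = _make_jwt({"alg": "HS256", "typ": "JWT"}, {"sub": "1", "exp": 1}, "c2ln")
SAMPLE_WEAK_OPAQUE = "a" * 40  # long enough, but zero entropy

if __name__ == "__main__":
    for label, tok in (("unsigned", SAMPLE_UNSIGNED), ("signed", SAMPLE_SIGNED), ("weak", SAMPLE_WEAK_OPAQUE)):
        print(label, analyze_token(tok) or "no anomalies")
```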
## Sensitive Data Exposure
- Password exposure detection
- Token exposure detection
- Internal field discovery
- Sensitive response analysis
## Risk Scoring Engine
- Weighted severity scoring
- LOW / MEDIUM / HIGH / CRITICAL classification
- Structured findings model
- Severity-aware analysis pipeline
## Operational Telemetry Engine
GateKeeper now includes a centralized operational telemetry system designed to aggregate and summarize API security test execution results.
### Current Telemetry Capabilities
- Centralized endpoint tracking
- Security score aggregation
- Risk-level classification
- Missing security header analysis
- Information exposure tracking
- Sensitive field detection
- Timeout resilience handling
- Graceful response degradation
- Unified pytest session lifecycle orchestration
- End-of-session operational summaries
### Operational Summary Example
```text
========================================
GATEKEEPER OPERATIONAL SUMMARY
========================================
Endpoints Tested: 2
Successful Responses: 2
Failed Responses: 0
Timeouts Detected: 0
Average Security Score: 60
Highest Risk Level: HIGH RISK
Information Exposures: 0
Missing Headers: 12
Sensitive Findings: 0
System Stability: DEGRADED
========================================
```
# Architecture Highlights
GateKeeper uses a modular architecture with centralized structured findings generation.
The framework validates not only endpoint availability, but also secure endpoint behavior through trust-boundary analysis and structured security enforcement validation.
Each finding is emitted as a structured object carrying a severity, an explanation of the impact, and recommended actions, for example:
```json
{
  "finding": "Information Leakage",
  "severity": "MEDIUM",
  "details": "Server header exposed: cloudflare",
  "why_it_matters": "Exposed infrastructure details may assist reconnaissance efforts.",
  "recommended_actions": [
    "Review reverse proxy header policies",
    "Minimize infrastructure disclosure"
  ],
  "trust_level": "moderate"
}
```
This enables:
- Consistent scoring
- Structured reporting
- Future intelligence-correlation integration
- Scalable detection expansion
- Standardized JSON export support
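How structured findings feed the weighted risk score, as an added example rather than GateKeeper's own `security.py` or `scoring.py`; the expected-header list, per-severity weights, risk thresholds and the sample response headers are assumptions:

```python
from dataclasses import dataclass, field

# Assumed policy: these headers are expected on every response; each absence is a MEDIUM finding.
EXPECTED_HEADERS = ("Content-Security-Policy", "Strict-Transport-Security",
                    "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy")
# Assumed weighted severity model: each finding deducts its weight from a 100-point baseline.
WEIGHTS = {"LOW": 2, "MEDIUM": 5, "HIGH": 15, "CRITICAL": 40}

@dataclass
class Finding:
    """Mirrors the structured finding shape shown in the README."""
    finding: str
    severity: str
    details: str
    why_it_matters: str
    recommended_actions: list = field(default_factory=list)
    trust_level: str = "moderate"

def analyze_headers(headers: dict) -> list:
    """Produce findings for Server-header leakage and missing security headers."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    if "server" in lower:
        findings.append(Finding(
            "Information Leakage", "MEDIUM", f"Server header exposed: {lower['server']}",
            "Exposed infrastructure details may assist reconnaissance efforts.",
            ["Review reverse proxy header policies", "Minimize infrastructure disclosure"]))
    for name in EXPECTED_HEADERS:
        if name.lower() not in lower:
            findings.append(Finding(
                "Missing Security Header", "MEDIUM", f"{name} not set",
                "Missing browser-side protections widen the impact of other flaws.",
                [f"Set {name} on every API response"]))
    return findings

def risk_score(findings: list) -> tuple:
    """Weighted 0-100 score and LOW/MEDIUM/HIGH/CRITICAL risk level (assumed thresholds)."""
    total = max(0, 100 - sum(WEIGHTS[f.severity] for f in findings))
    for floor, level in ((90, "LOW"), (70, "MEDIUM"), (40, "HIGH"), (0, "CRITICAL")):
        if total >= floor:
            return total, level

# Constructed sample response headers, not captured from any real service.
SAMPLE_HEADERS = {"Server": "cloudflare", "Content-Type": "application/json",
                  "X-Content-Type-Options": "nosniff",
                  "Strict-Transport-Security": "max-age=31536000"}
if __name__ == "__main__":
    found = analyze_headers(SAMPLE_HEADERS)
    print(*(f"[{f.severity}] {f.details}" for f in found), sep="\n")
    print("[SECURITY SCORE]", *risk_score(found))
```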
## Architecture Evolution
GateKeeper originally began as a lightweight API security testing framework focused on endpoint validation and response analysis.
The platform has since evolved into a modular operational telemetry system capable of:
- Aggregating distributed security findings
- Performing runtime risk analysis
- Tracking endpoint stability
- Generating centralized operational summaries
- Supporting scalable future telemetry integrations
This architectural evolution establishes the foundation for future enhancements such as:
- Historical trend analysis
- SIEM integrations
- Dashboard reporting
- Export pipelines
- Threat intelligence correlation
## Reliability Philosophy
GateKeeper is designed using a graceful degradation philosophy.
When endpoints fail, timeout, or return malformed responses, the framework:
- Avoids catastrophic test crashes
- Preserves telemetry collection
- Logs operational instability
- Continues executing remaining security analysis safely
This approach enables resilient security testing even in unstable environments.
# Ecosystem Vision
```text
GateKeeper → Observe
Monolith   → Remember
Heimdall   → Interpret
```
Project GateKeeper is evolving toward a cooperative security intelligence ecosystem built around layered responsibilities and explainable security analysis.
- **GateKeeper** performs endpoint observation, validation, and structured security analysis.
- **Monolith** serves as the centralized intelligence persistence and contextual memory layer.
- **Heimdall** acts as the interpretation and adaptive analysis layer, transforming technical findings into contextual human-readable intelligence.
This architecture supports future explainable security intelligence workflows, adaptive analysis, structured trust-aware interpretation, and resilient analysis across heterogeneous API environments.
# Example Output
```text
[SECURITY FINDING] GET /post/1 - Potential information leakage detected:
- [MEDIUM] Server header exposed: cloudflare
----------------------------------------
[FAIL] Missing Security Headers:
- Content-Security-Policy
- Referrer-Policy
- Permissions-Policy
----------------------------------------
[SECURITY SCORE] GET /post/1 → 90/100
```
# Project Structure
```text
gatekeeper-api-security-testing/
├── core/
│   ├── client.py
│   ├── orchestration.py
│   └── results.py
│
├── security/
│   ├── security.py
│   ├── token_analysis.py
│   └── scoring.py
│
├── reporting/
│   ├── output.py
│   └── export.py
│
├── config/
│   ├── colors.py
│   ├── settings.py
│   └── protected_endpoints.json
│
├── tests/
│   ├── test_endpoints.py
│   └── token_analysis.py
│
├── docs/
│
├── README.md
├── requirements.txt
├── LICENSE
└── conftest.py
```
# Installation
```bash
git clone https://github.com/GunSlinger0715/gatekeeper-api-security-testing.git
cd gatekeeper-api-security-testing
pip install -r requirements.txt
```
# Running GateKeeper
```bash
pytest -s
```
## Continuous Integration
GateKeeper uses GitHub Actions for automated continuous integration testing.
Every push and pull request to the `main` branch automatically triggers:
- Dependency installation
- Environment validation
- Automated pytest execution
This ensures the project remains stable, portable, and regression-resistant as the architecture evolves.
### Engineering Philosophy
# Current Focus
Current development priorities include:
- Structured findings architecture
- Severity-based scoring refinement
- Enhanced token anomaly analysis
- Improved reporting and visualization
- CI/CD workflow refinement
- Operational telemetry stabilization
- Resilient execution orchestration
# Future Roadmap
Planned future enhancements include:
- Assisted finding correlation and intelligence aggregation
- Advanced attack pattern recognition
- OWASP API Top 10 expansion
- Enhanced dashboards and reporting
- Config-driven detection rules
- Intelligent anomaly analysis
- Historical telemetry tracking
- SIEM integration support
- Behavioral API analysis pipelines
# Long-Term Vision
GateKeeper is designed to evolve beyond lightweight API security testing into a scalable, context-aware security analysis platform capable of adapting to increasingly complex API ecosystems and response behaviors.
Future architectural development will focus on intelligent response analysis, adaptive validation logic, and resilient trust-aware security workflows, including:
- Adaptive response-type detection and schema-aware validation
- Dynamic handling of JSON, HTML, XML, and text-based API responses
- Intelligent response classification and contextual trust-boundary analysis
- Resilient parser routing and graceful handling of unexpected response formats
Future ecosystem development may include behavioral API telemetry analysis, anomaly inspection workflows, and structured intelligence persistence across modular security subsystems.
# License
This project is licensed under the MIT License.
See the LICENSE file for additional details.