Feature Request: Detection and Categorization of Exposed (Potentially Risky) Interfaces #1709

@iamthefrogy

Summary:

Implement a feature in httpx to detect and categorize exposed interfaces into four categories based on their intended accessibility and security requirements.

Description:

For large enterprises, managing the exposure of various applications is crucial. This feature will categorize detected interfaces into:

  • Customer-facing apps: Accessible on the Internet. (Just sharing this to know the problem statement for large companies)
  • Contractor and vendor-facing apps: Internet-accessible with IP whitelisting.
  • Colleague-facing apps (with valid justification): Internet-accessible but protected by SSO.
  • Colleague-facing apps (no justification): Must not be public-facing.

Examples of Colleague-facing Apps

  • GitHub: Internal repositories for source code and documentation.
  • Jenkins: Continuous integration and deployment pipelines.
  • Grafana: Internal dashboards for monitoring and analytics.
  • Oracle Cloud Login: Administrative access to cloud resources.
  • Jira: Internal project management and issue tracking.
  • Confluence: Internal documentation and collaboration platforms.
  • Salesforce Admin: Administrative access to CRM data.
  • Internal Wikis: Company-specific knowledge bases.
  • etc.

Use Cases:

  • Security Audits: Assist in identifying and securing exposed interfaces.
  • Compliance: Ensure compliance with internal and external security policies.
  • Asset Management: Facilitate the management and monitoring of application exposure.

Benefits:

  • Enhanced Security: Reduce the risk of unauthorized access to sensitive applications.
  • Efficiency: Streamline the process of categorizing and securing applications.
  • Proactive Management: Enable proactive measures to protect against potential security breaches.

Proposed Implementation:

  • Detection: Scan for exposed interfaces and categorize them based on predefined rules.
  • Categorization: Automatically categorize applications using heuristics and predefined criteria.
  • Incorporate machine learning to improve categorization accuracy over time.
  • Provide configuration options to define custom categorization rules.
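One way the rule-based categorization requested above could look, as an added example (not code from httpx or from the issue author). The `Probe` struct, the keyword and identity-provider host lists, the `justified` inventory and the "403 means IP allowlist" heuristic are all assumptions, and the sample record is constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Probe is a reduced, hypothetical view of one HTTP probe result.
type Probe struct {
	URL, Title, Location string // Location = redirect target, if any
	Status               int
}

var internalHints = []string{"jenkins", "grafana", "jira", "confluence"} // assumed keywords
var idpHosts = []string{"login.microsoftonline.com", "okta.com"}         // assumed IdP hosts

// behindSSO reports whether the probe was redirected to a known IdP host.
func behindSSO(p Probe) bool {
	u, err := url.Parse(p.Location)
	for _, h := range idpHosts {
		if err == nil && (u.Hostname() == h || strings.HasSuffix(u.Hostname(), "."+h)) {
			return true
		}
	}
	return false
}

// Categorize returns the category and a policy-violation flag; justified lists approved URLs.
func Categorize(p Probe, justified map[string]bool) (string, bool) {
	internal := false
	for _, k := range internalHints {
		internal = internal || strings.Contains(strings.ToLower(p.URL+" "+p.Title), k)
	}
	switch {
	case internal && !justified[p.URL]:
		return "colleague-facing, no justification", true
	case internal && !behindSSO(p):
		return "colleague-facing, SSO missing", true
	case internal:
		return "colleague-facing, SSO", false
	case p.Status == 403: // heuristic: scanner IP is outside the allowlist
		return "contractor/vendor-facing, IP allowlist", false
	}
	return "customer-facing", false
}

func main() { // constructed sample record, not real scan output
	fmt.Println(Categorize(Probe{URL: "https://ci.example.com", Title: "Dashboard [Jenkins]", Status: 200}, nil))
}
```

The hostname is matched against the URL as well as the title because an application that is correctly behind SSO answers with a redirect and no application title.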

Labels: Type: Enhancement (Most issues will probably ask for additions or changes.)