The BabaSecurity dashboard is designed to manage and monitor API security vulnerabilities within an enterprise, integrating seamlessly into the Software Development Life Cycle (SDLC) and providing real-time updates and monitoring.
Access the BabaSecurity dashboard online at: BabaSecurity Dashboard
- Pull the backend Docker image:
docker pull praatikzz/babasecurity:backend
- Run the backend on port 3000:
docker run -p 3000:3000 --name babasecuritybackend praatikzz/babasecurity:backend
- Clone the backend repository:
git clone https://github.com/pratikanand13/Babasecuritybackend.git
- Install the necessary dependencies:
npm i
- Run the backend server:
npm run dev
- Clone the frontend repository:
git clone https://github.com/Ravi022/Baba_Frontend
- Install the necessary dependencies:
npm i
- Run the frontend server:
npm run dev
- POST /user/login
- POST /user/signup
- GET /apiDiscover
- GET /apilinks
- GET /bearer
- POST /nuclei
- POST /thirdpartySast
The API Inventory Management system automatically discovers and inventories all APIs within an organization, providing continuous updates and real-time monitoring.
- Automatic API Discovery: Continuously scans for new APIs using server logs and web crawlers.
- Real-Time Monitoring: Provides instant alerts for newly discovered APIs.
- Integration into SDLC: Ensures that the API inventory is up-to-date at every stage of the development process.
- Server Log Analysis
  - Analyzes server logs to identify new API endpoints.
  - Provides detailed metrics, including response times and error rates.
- Web Crawler - 404 Crawler
  - Identifies APIs by crawling the web application and recording any endpoints that return a 404 error.
  - Installation:
    npm install -g @algolia/404-crawler
- SAST Scanner - Bearer CLI
  - Installation:
    curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
- DAST Scanner - VulnAPI
  - Installation:
    sudo snap install vulnapi
- Automated Regression Suites - Nuclei
  - Installation:
    docker pull projectdiscovery/nuclei:latest
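The server log analysis step above (discovering endpoints from access logs and deriving response-time and error-rate metrics) can be illustrated with the following added example. It is not code from the BabaSecurity project; it assumes a combined access-log format with the request time in seconds appended to each line, and the log lines, the known-inventory set and the `/api/` prefix are constructed for the example.

```javascript
// Added example (not BabaSecurity project code): discover API endpoints from
// access logs and compute per-endpoint mean response time and 5xx error rate.
// Assumes combined log format plus $request_time in seconds; sample data is constructed.
const SAMPLE_LOGS = [
  '10.0.0.5 - - [01/May/2024:10:00:01 +0000] "GET /api/users/42 HTTP/1.1" 200 512 "-" "curl/8.0" 0.120',
  '10.0.0.5 - - [01/May/2024:10:00:02 +0000] "GET /api/users/77 HTTP/1.1" 500 64 "-" "curl/8.0" 0.900',
  '10.0.0.6 - - [01/May/2024:10:00:03 +0000] "POST /api/orders HTTP/1.1" 201 128 "-" "curl/8.0" 0.300',
  '10.0.0.7 - - [01/May/2024:10:00:04 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0.010',
  'garbage line that does not match the format',
];
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "[^"]*" ([\d.]+)$/;

// Collapse numeric and UUID path segments so /api/users/42 and /api/users/77
// are counted as the same endpoint template.
function normalizePath(path) {
  return path.split('?')[0].split('/')
    .map((seg) => (/^\d+$/.test(seg) || /^[0-9a-f-]{36}$/i.test(seg) ? ':id' : seg))
    .join('/');
}

// Returns null for lines that do not match, so one malformed entry cannot abort the scan.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { method: m[2], path: normalizePath(m[3]), status: Number(m[4]), seconds: Number(m[5]) };
}

// One record per "METHOD /template": request count, mean response time in ms,
// 5xx error rate, and whether the endpoint is absent from the known inventory.
function buildInventory(lines, knownEndpoints = new Set(), apiPrefix = '/api/') {
  const byEndpoint = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || !rec.path.startsWith(apiPrefix)) continue; // ignore static assets etc.
    const key = `${rec.method} ${rec.path}`;
    const agg = byEndpoint.get(key) || { count: 0, errors: 0, totalSeconds: 0 };
    agg.count += 1;
    agg.errors += rec.status >= 500 ? 1 : 0;
    agg.totalSeconds += rec.seconds;
    byEndpoint.set(key, agg);
  }
  return [...byEndpoint].map(([endpoint, a]) => ({
    endpoint,
    requests: a.count,
    avgResponseMs: Math.round((a.totalSeconds / a.count) * 1000),
    errorRate: a.errors / a.count,
    isNew: !knownEndpoints.has(endpoint),
  }));
}
```

Calling `buildInventory(SAMPLE_LOGS, knownSet)` and filtering on `isNew` yields the endpoints that should trigger a new-API alert.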
This section provides a detailed overview of the architectural design and key design decisions behind the Baba Security Dashboard.
- Record Schema: Stores details about security vulnerabilities identified in APIs.
- Scan Result Schema: Records detailed scan results associated with a specific organization.
- Dashboard Schema: Manages user authentication and stores user-related information for dashboard access.
- API Store Schema: Serves as a central repository for storing and retrieving API details linked with identified vulnerabilities.
- Authentication and Password Security: Uses JWT for authentication and bcrypt for password hashing.
- Regular Updates: Ensures middleware and dependencies are regularly updated to mitigate vulnerabilities.
The BabaSecurity dashboard integrates various technologies to deliver a robust solution for managing and assessing security vulnerabilities. Its modular architecture supports scalability and adaptability to emerging security challenges.