Utilize Shodan API to help show internet exposure and risk in Secure Dashboard
Problem to solve
Many companies don't have a good view of what is publicly accessible (and therefore more at risk), while attackers have the resources (port scanning) to find these exposures, and do.
We should make the information that is already available (Shodan) easy to consume in an overview Dashboard.
Intended users
- Delaney (Development Team Lead)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Who:
- Blue team: find knowns, or help prioritize
- C-Level / Managers: visibility into progress
- DevOps: notice if deploy config needs changes
Further details
They would need to have their own API key
What is Shodan?
Shodan.io is a website, launched in 2009 by John Matherly. The site regularly port scans the internet and grabs connection banners and headers for services running on hosts. It indexes the results for searching on the website via IP address and various filters for fields captured in the scans (banners, services, ports, etc).
Whereas Google searches and indexes the pages running on web servers on the internet, Shodan searches and indexes information about the hosts themselves that are running those web servers and much more.
The quote above is taken from RenderMan.
This can augment our users' existing port scans, or in some cases introduce them to this important topic.
Proposal
Put in an IP range or set of IPs
- See ports added or removed in the past week (day?) graph
- See increase or decrease in CVEs in the past week (day?) graph
- Risk “score” based on CVEs and ports exposed
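The following is an added example of what the proposal's three bullets could look like as code; it is not part of this issue or of GitLab. It diffs two constructed snapshots of Shodan host records for an IP range (ports added/removed, CVE count delta) and computes a simple risk score. The `ports` and `vulns` field names follow Shodan's public `/shodan/host/{ip}` response; the IP addresses (TEST-NET range), the `CVE-0000-000x` identifiers, the high-risk port list and the score weights are all constructed or assumed, and the `fetch_host` helper (which maps an HTTP 401 to a clear "bad API key" error, covering the error-handling test case) is never called against the network here.

```python
"""Exposure deltas and a risk score from Shodan host snapshots (added example,
not GitLab code). All sample data below is constructed."""
import json
import urllib.error
import urllib.request
from urllib.parse import quote

# Public Shodan host endpoint; the user supplies their own API key.
SHODAN_HOST_URL = "https://api.shodan.io/shodan/host/{ip}?key={key}"

# Assumption: ports for admin/database services weigh more than plain web ports.
HIGH_RISK_PORTS = {21, 23, 445, 3389, 5900, 27017, 9200}


def fetch_host(ip, api_key):
    """Fetch one host record from Shodan (network call, not exercised below).
    Raises ValueError on a rejected key so the dashboard can show a clear error;
    returns None when Shodan has no record for the IP (assumed 404)."""
    url = SHODAN_HOST_URL.format(ip=quote(ip), key=quote(api_key))
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise ValueError("Shodan rejected the API key") from err
        if err.code == 404:
            return None
        raise


def diff_ports(previous, current):
    """Per-IP ports opened and closed between two snapshots of the same range."""
    changes = {}
    for ip in sorted(set(previous) | set(current)):
        before = set(previous.get(ip, {}).get("ports", []))
        after = set(current.get(ip, {}).get("ports", []))
        changes[ip] = {"added": sorted(after - before),
                       "removed": sorted(before - after)}
    return changes


def cve_delta(previous, current):
    """Change in the number of distinct CVEs Shodan reports across the range."""
    def cves(snapshot):
        return {c for host in snapshot.values() for c in host.get("vulns", [])}
    return len(cves(current)) - len(cves(previous))


def risk_score(host):
    """Assumed scoring: 1 per exposed port, +3 per high-risk port, +2 per CVE."""
    ports = set(host.get("ports", []))
    vulns = host.get("vulns", [])
    return len(ports) + 3 * len(ports & HIGH_RISK_PORTS) + 2 * len(vulns)


def range_report(previous, current):
    """Everything the dashboard widgets need for one IP range."""
    return {
        "port_changes": diff_ports(previous, current),
        "cve_delta": cve_delta(previous, current),
        "risk": {ip: risk_score(host) for ip, host in current.items()},
    }


# Constructed snapshots (TEST-NET addresses, placeholder CVE ids), shaped like
# Shodan host records: a week-old capture and today's capture.
SNAPSHOT_LAST_WEEK = {
    "203.0.113.10": {"ports": [22, 80, 443], "vulns": ["CVE-0000-0001"]},
    "203.0.113.11": {"ports": [80], "vulns": []},
}
SNAPSHOT_TODAY = {
    "203.0.113.10": {"ports": [22, 443, 3389], "vulns": ["CVE-0000-0001", "CVE-0000-0002"]},
    "203.0.113.11": {"ports": [80, 27017], "vulns": []},
}

if __name__ == "__main__":
    print(json.dumps(range_report(SNAPSHOT_LAST_WEEK, SNAPSHOT_TODAY), indent=2))
```

In a real integration the snapshots would come from `fetch_host` for each IP in the range, stored per day so the week/day graphs can be drawn without re-querying Shodan (which also addresses the caching and load-time test items).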
Permissions and Security
Ultimate users who can edit code
Documentation
Document in user docs
Testing
- test permissions
- test load time
- test caching
- test bad API key error handling
What does success look like, and how can we measure that?
Users have more access to data about their risk that they can act on (avoid unknowns that can be painful when the data is available or easy to get)
What is the type of buyer?
Links / references
Competition?
- Bugcrowd “attack surface management”