Feature request: check that API Gateway Default Endpoints are disabled. #1599

Open
rdegraaf opened this issue Jan 18, 2024 · 0 comments
Labels
enhancement New feature or request

rdegraaf commented Jan 18, 2024

Is your feature request related to a problem? Please describe.

By default, every AWS API Gateway REST API has a "default endpoint" with a DNS name such as https://ab12cd34ef.execute-api.us-east-1.amazonaws.com. Default endpoints use a legacy TLS termination policy that supports TLS 1.0 and 1.1. A default endpoint is a fully functional API endpoint but its DNS name and TLS termination policy are not configurable. To assign a service-specific DNS name or TLS policy, one must create a "Custom Domain" within API Gateway and direct all callers to that endpoint name; the default endpoint is then superfluous.

Describe the solution you'd like

ScoutSuite should check that all API Gateways have Custom Domains and that their Default Endpoints are disabled. If this is deemed to be too strong of a condition, then every API Gateway that has a Custom Domain should also have its Default Endpoint disabled.

@rdegraaf rdegraaf added the enhancement New feature or request label Jan 18, 2024
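
An offline sketch of the check requested above, added here as an example; it is not part of the issue or of ScoutSuite's code base. It assumes input shaped like boto3's `apigateway` `get_rest_apis` and `get_base_path_mappings` responses; the sample data, domain names and the `evaluate` helper are constructed for illustration.

```python
"""Evaluate the strict and relaxed conditions proposed in the issue, offline."""

# Constructed sample data, shaped like boto3 apigateway responses:
# get_rest_apis()["items"] and get_base_path_mappings()["items"] per domain.
REST_APIS = [
    {"id": "aaaa111111", "name": "orders", "disableExecuteApiEndpoint": True},
    {"id": "bbbb222222", "name": "billing", "disableExecuteApiEndpoint": False},
    {"id": "cccc333333", "name": "internal-tool"},  # field absent
]
MAPPINGS_BY_DOMAIN = {
    "orders.example.com": [{"basePath": "(none)", "restApiId": "aaaa111111", "stage": "prod"}],
    "billing.example.com": [{"basePath": "v1", "restApiId": "bbbb222222", "stage": "prod"}],
}


def apis_with_custom_domain(mappings_by_domain):
    """Return {restApiId: sorted list of custom domain names mapped to it}."""
    result = {}
    for domain, mappings in mappings_by_domain.items():
        for mapping in mappings:
            result.setdefault(mapping["restApiId"], set()).add(domain)
    return {api_id: sorted(domains) for api_id, domains in result.items()}


def evaluate(rest_apis, mappings_by_domain, strict=True):
    """Flag REST APIs that violate the proposed rule.

    strict=True : every API needs a custom domain AND a disabled default endpoint.
    strict=False: only APIs that have a custom domain must disable the default endpoint.
    """
    domains = apis_with_custom_domain(mappings_by_domain)
    findings = []
    for api in rest_apis:
        api_id = api["id"]
        # Assumption: a missing key means the default endpoint is still enabled.
        disabled = api.get("disableExecuteApiEndpoint", False)
        has_domain = api_id in domains
        if has_domain and not disabled:
            findings.append((api_id, "default endpoint enabled alongside custom domain"))
        elif strict and not has_domain:
            reason = "no custom domain" if disabled else "no custom domain; default endpoint enabled"
            findings.append((api_id, reason))
    return findings


if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "relaxed", evaluate(REST_APIS, MAPPINGS_BY_DOMAIN, strict))
```
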