What is the Exploration Scope?
Introduction to Exploration Scope
The exploration scope is a fundamental aspect of Escape's Inventory, defining the boundaries and domains within which the platform searches for APIs and secrets. This scope determines where the system will look, encompassing both the public internet and internal networks, to provide a comprehensive inventory of all exposed assets.
Domains: The Core of Exploration
At the heart of the exploration scope are the domains associated with your organization. These domains are not merely noted; they undergo a thorough process of sub-enumeration, crawling, and scraping. This process is designed to be secure and non-intrusive, ensuring that your operations are not disrupted while still providing a detailed and accurate map of your API and secret landscape.
- Sub-enumeration: The system identifies and catalogues all subdomains associated with the primary domain, uncovering often overlooked areas that might house APIs or sensitive data.
- Crawling and Scraping: By crawling web pages and scraping relevant data, the inventory captures information about APIs and potential secrets exposed online, adhering to best practices for security and data privacy.
Integrations: Enhancing the Scope
To augment the information gathered from domain-based exploration, Escape's Inventory also integrates with a variety of external platforms. These integrations are carefully selected to ensure they are non-intrusive and read-only, preserving the integrity and security of the data sources:
- Developer Integrations: Connect with developer tools and platforms such as GitHub, GitLab, and Postman. These integrations provide a deeper insight into where APIs are defined and how they are used within your development workflows.
- Cloud Integrations: Leverage connections with cloud services like AWS, Azure, and Google Cloud to extend the inventory’s reach into cloud-based resources, ensuring that APIs deployed in these environments are also included.
By configuring the exploration scope with a combination of domain exploration and strategic integrations, you ensure that Escape’s Inventory can deliver a full spectrum view of your API and secret exposure, bolstering your security posture and compliance efforts.