AR
3 automated security scanners
Spatial Computing Privacy
Purpose: The Spatial Computing Privacy Scanner is designed to detect potential privacy and tracking issues by examining domain names, application identifiers, DNS records, TLS configurations, API endpoints, and HTTP responses. It aims to identify geolocation tracking, eye tracking, behavioral data collection practices, and security header weaknesses that could compromise user privacy and security.
What It Detects:
- Location Tracking Indicators: The scanner identifies the presence of geolocation-related HTTP headers and checks for GPS or location-based API calls within the application content.
- Eye Tracking Indicators: It looks for scripts or APIs related to eye tracking in DNS records, TLS certificates, and behavioral data collection practices.
- Behavioral Data Collection: The scanner analyzes security headers for indicators of behavioral data collection and scans HTTP responses for cookies, local storage, session storage usage.
- Security Headers Analysis: It checks the presence of critical security headers such as `Strict-Transport-Security`, `Content-Security-Policy`, `X-Frame-Options`, and `X-Content-Type-Options`.
- TLS/SSL Configuration Issues: The scanner identifies outdated or insecure TLS versions (e.g., TLSv1.0, TLSv1.1) and detects weak cipher suites and protocols.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com) - This is necessary for DNS queries, HTTP requests, and TLS/SSL inspection.
- app_identifier (string): Unique identifier for the application (e.g., com.acme.app) - Helps in identifying specific parts of the app for detailed analysis.
Business Impact: Monitoring privacy practices and security headers is crucial as they directly impact user data protection and overall system security. This scanner helps organizations comply with privacy regulations and enhance user trust by proactively detecting potential tracking risks.
Risk Levels:
- Critical: Findings that indicate severe vulnerabilities such as missing or misconfigured `Strict-Transport-Security` headers, use of outdated TLS versions, or clear indicators of eye tracking in DNS records.
- High: Issues like weak cipher suites, lack of content security policies, and improper handling of user data (cookies, local/session storage) that could lead to unauthorized access or data breaches.
- Medium: Inconsistencies in security headers, use of potentially vulnerable TLS configurations, which may not directly compromise security but are indicative of poor practices.
- Low: Informational findings such as minor discrepancies in header values or inconclusive DNS records related to eye tracking that do not significantly impact privacy or security.
- Info: General information about the domain and app identifier, providing basic details without direct risk.
Example Findings:
- A critical finding might be the detection of `TLSv1.0` usage in the TLS configuration, which is highly discouraged due to its age and known vulnerabilities.
- A high severity finding could be the identification of a security header that lacks proper enforcement, allowing for cross-site scripting (XSS) attacks on user data stored in cookies.
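The header and cookie checks this scanner describes, as an added example that is not the scanner's own code. The risk levels follow the Risk Levels list above where it is explicit (HSTS gaps Critical, CSP and cookie gaps High); rating the two remaining headers as Medium is an assumption, as is the one-year `max-age` threshold and the sample response, which is constructed rather than captured.

```python
"""Rate the security headers of one HTTP response the way the Spatial Computing
Privacy scanner describes: HSTS gaps Critical, CSP/cookie gaps High, rest Medium."""
import re
from typing import List, Optional, Tuple

Header = Tuple[str, str]   # (name, value); a list allows repeated Set-Cookie lines
Finding = Tuple[str, str]  # (risk level, message)

def _directive(value: str, name: str) -> Optional[str]:
    """Return the value of a `name=...` directive inside a header value, or None."""
    m = re.search(rf"(?i)\b{name}\s*=\s*\"?([^;,\s\"]+)", value)
    return m.group(1) if m else None

def check_response_headers(headers: List[Header]) -> List[Finding]:
    findings: List[Finding] = []
    by_name, cookies = {}, []
    for name, value in headers:          # header names are case-insensitive
        if name.lower() == "set-cookie":
            cookies.append(value)
        else:
            by_name[name.lower()] = value
    hsts = by_name.get("strict-transport-security")
    max_age = _directive(hsts, "max-age") if hsts else None
    if hsts is None:
        findings.append(("Critical", "Missing Strict-Transport-Security header"))
    elif not (max_age or "").isdigit() or int(max_age) < 31536000:  # assumed one-year floor
        findings.append(("Critical", f"Strict-Transport-Security max-age below one year: {hsts}"))
    csp = by_name.get("content-security-policy")
    if csp is None:
        findings.append(("High", "Missing Content-Security-Policy header"))
    elif "'unsafe-inline'" in csp or not ("script-src" in csp or "default-src" in csp):
        findings.append(("High", f"Content-Security-Policy does not restrict scripts: {csp}"))
    if by_name.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("Medium", "X-Frame-Options missing or not DENY/SAMEORIGIN"))
    if by_name.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("Medium", "X-Content-Type-Options missing or not 'nosniff'"))
    for cookie in cookies:               # every Set-Cookie needs both Secure and HttpOnly
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if not {"secure", "httponly"} <= attrs:
            findings.append(("High", f"Cookie without Secure+HttpOnly: {cookie.split('=', 1)[0]}"))
    return findings

# Constructed sample response (not captured from any real site) that trips several checks
SAMPLE_HEADERS: List[Header] = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly"),
]
```

Running `check_response_headers(SAMPLE_HEADERS)` yields one Critical (short HSTS), two High (inline-script CSP, session cookie without Secure) and one Medium (no X-Frame-Options) finding.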
Mixed Reality Input Validation
Purpose: The Mixed Reality Input Validation Scanner is designed to detect reality manipulation and sensory input attacks by analyzing various aspects of a mixed-reality application’s infrastructure. It evaluates DNS records, HTTP security headers, TLS/SSL configurations, port scanning, and API responses to ensure the integrity and security of applications in this immersive environment.
What It Detects:
- DNS Record Anomalies:
  - Checks for SPF (Sender Policy Framework) records that improperly allow all senders.
  - Ensures proper mail exchange server configurations.
  - Validates name server configurations.
  - Verifies certificate authority authorization settings with CAA Records.
  - Ensures domain-based message authentication, reporting, and conformance policies are correctly implemented with DMARC Records.
- HTTP Security Headers:
  - Ensures the use of HTTPS to protect against protocol downgrade attacks with Strict-Transport-Security (HSTS).
  - Prevents cross-site scripting (XSS) and data injection attacks by specifying which dynamic resources are allowed to load with Content-Security-Policy (CSP).
  - Protects against clickjacking by preventing content from being embedded in other sites with X-Frame-Options.
  - Prevents MIME type sniffing, ensuring the browser treats files as specified with X-Content-Type-Options.
- TLS/SSL Configuration Issues:
  - Detects use of outdated protocols like TLSv1.0 and TLSv1.1.
  - Identifies insecure cipher suites such as RC4 and DES.
  - Flags the use of weak hash functions like MD5.
- Port Scanning and Service Fingerprinting:
  - Identifies open ports that could be exploited by attackers.
  - Determines running services to assess potential vulnerabilities.
- API Security Vulnerabilities:
  - Detects endpoints that do not enforce proper authentication or encryption with Insecure Endpoints.
  - Checks for APIs that inadvertently expose sensitive information through Data Leakage.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- app_identifier (string): Unique identifier for the application being scanned
Business Impact: This scanner is crucial for maintaining the security and trustworthiness of mixed-reality applications, ensuring that they are not compromised by malicious actors seeking to manipulate reality or exploit vulnerabilities in their infrastructure.
Risk Levels:
- Critical: Conditions where outdated protocols like TLSv1.0 and TLSv1.1 are enabled, weak cipher suites are used, or certificates use MD5 as the signature hash algorithm.
- High: Missing or improperly configured HTTP security headers that fail to protect against common attacks.
- Medium: Presence of open ports not properly secured or identified services that could be vulnerable.
- Low: Minor issues such as minor misconfigurations in DNS records or inconsequential data leakage from APIs.
- Info: Informational findings indicating potential improvements or configurations that enhance security without being critical.
Example Findings:
- “SPF record allows all senders: v=spf1 +all” - This indicates a significant weakness in email security allowing any sender to be accepted.
- “Port 80 is open (Service: http)” - An open port on a critical service could lead to unauthorized access and data leakage.
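The SPF and DMARC part of the DNS Record Anomalies check, as an added example rather than the scanner's own code. It reproduces the page's `v=spf1 +all` finding; the DNS lookup limit comes from RFC 7208, and every risk level other than that Critical example, plus the sample records, is an assumption.

```python
"""Rate SPF and DMARC TXT records as the DNS Record Anomalies check describes;
risk levels other than the page's Critical '+all' example are assumed."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (risk level, message)
# Mechanisms and the redirect modifier that each cost one DNS lookup (RFC 7208 s.4.6.4)
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?=[:/]|$)|^redirect=", re.I)

def check_spf(record: str) -> List[Finding]:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("Info", f"Not an SPF record: {record!r}")]
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    findings: List[Finding] = []
    if not all_terms:
        findings.append(("Medium", "SPF has no 'all' mechanism; unlisted senders get a neutral result"))
    else:
        last = all_terms[-1]
        qualifier = last[0] if last[0] in "+-~?" else "+"   # bare 'all' defaults to +all
        if qualifier == "+":
            findings.append(("Critical", f"SPF record allows all senders: {record}"))
        elif qualifier == "?":
            findings.append(("Medium", "SPF 'all' is neutral (?all), so no sender is ever rejected"))
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(("High", f"SPF needs {lookups} DNS lookups (limit 10); receivers return permerror"))
    return findings

def check_dmarc(record: str) -> List[Finding]:
    tags = {}
    for part in record.split(";"):          # DMARC is a ';'-separated tag=value list
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return [("High", f"No valid DMARC record: {record!r}")]
    policy = tags.get("p", "").lower()
    if policy == "none":
        return [("Medium", "DMARC p=none: failures are only reported, never quarantined or rejected")]
    if policy not in ("quarantine", "reject"):
        return [("High", f"DMARC record has no valid p= tag: {record}")]
    return []

# Constructed records (not looked up from any real domain)
SAMPLE_SPF = "v=spf1 +all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
```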
Virtual Environment Escape
Purpose: The Virtual Environment Escape Scanner is designed to detect attempts to escape virtual environments and gain unauthorized access to the host system by analyzing various network interactions such as DNS queries, HTTP requests, TLS/SSL configurations, socket connections, and API interactions.
What It Detects:
- Suspicious DNS Queries: Detect TXT records with unusual or malicious content, identify MX, NS, CAA, and DMARC records that deviate from expected standards, and flag DNS queries to known malicious domains or IP addresses.
- Malformed HTTP Requests: Check for security headers like `Strict-Transport-Security`, `Content-Security-Policy`, `X-Frame-Options`, and `X-Content-Type-Options`. Analyze redirects for suspicious URLs or patterns, and examine content for indicators of malicious activity.
- Vulnerable TLS/SSL Configurations: Identify outdated TLS versions such as TLSv1.0 and TLSv1.1, detect weak cipher suites like RC4, DES, and MD5, and verify certificate validity and chain integrity.
- Unusual Socket Connections: Perform port scanning to identify open ports that should be closed, conduct service fingerprinting to detect unauthorized services running on the host system.
- API Interaction Anomalies: Monitor API calls for unusual patterns or requests that deviate from expected behavior, detect attempts to exploit known vulnerabilities in APIs.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- app_identifier (string): Application identifier for specific API or service checks (e.g., “app123”)
Business Impact: This scanner is crucial for maintaining the security of virtual environments by identifying potential unauthorized access points and mitigating risks associated with compromised systems.
Risk Levels:
- Critical: Conditions where there are clear indicators of immediate risk, such as presence of malicious DNS queries or HTTP requests that suggest exploitation attempts.
- High: Situations where vulnerabilities in TLS/SSL configurations could lead to data leakage or unauthorized access if not promptly addressed.
- Medium: Issues requiring attention for improvement in API interactions and socket connections, which might be exploited but do not pose an immediate threat.
- Low: Informational findings that require monitoring and evaluation but currently do not indicate significant security risks.
- Info: General informational outputs from DNS queries and HTTP requests that provide baseline network activity insights without direct risk.
Example Findings:
- A suspicious TXT record with content suggesting potential data leakage or unauthorized access attempts.
- An open port detected during scanning, potentially indicating an unauthorized service running on the host system.
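The TLS/SSL configuration check this scanner describes, as an added example that is not the scanner's own code. Each handshake is pinned to one protocol version with Python's `ssl` module so that acceptance of TLSv1.0 or TLSv1.1 can be observed directly; rating is kept in a separate function so it runs offline. Outdated versions and weak ciphers are rated High per this section's Risk Levels; the Critical rating for a host with no TLS 1.2/1.3 at all, the cipher-name tokens, and the sample probe result (constructed, not from a real host) are assumptions, and the cipher names are expected to come from the handshake (e.g. `SSLSocket.cipher()`).

```python
"""Probe which TLS protocol versions a host accepts and rate the result as the
Virtual Environment Escape scanner describes (outdated versions, weak ciphers)."""
import socket
import ssl
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (risk level, message)
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
OUTDATED = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}
WEAK_CIPHER_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXPORT")  # "DES" also catches 3DES

def accepts_version(host: str, version: ssl.TLSVersion, port: int = 443,
                    timeout: float = 5.0) -> bool:
    """Attempt one handshake pinned to a single protocol version; False on any failure."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE          # probing protocol support, not the certificate
        ctx.minimum_version = ctx.maximum_version = version
        if version in OUTDATED:                  # modern OpenSSL refuses TLS 1.0/1.1 otherwise
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (OSError, ValueError):                # ssl.SSLError is a subclass of OSError
        return False

def probe_versions(host: str, port: int = 443) -> Dict[str, bool]:
    """Map each version name (e.g. 'TLSv1_1') to whether the server completed a handshake."""
    return {v.name: accepts_version(host, v, port) for v in VERSIONS}

def rate_tls(support: Dict[str, bool], ciphers: List[str]) -> List[Finding]:
    """Turn probe results into findings; kept separate from probing so it runs offline."""
    findings: List[Finding] = []
    for v in VERSIONS:
        if v in OUTDATED and support.get(v.name):
            findings.append(("High", f"Outdated protocol accepted: {v.name}"))
    if not (support.get("TLSv1_2") or support.get("TLSv1_3")):
        findings.append(("Critical", "No modern TLS version (1.2 or 1.3) accepted"))  # assumed level
    for cipher in ciphers:
        if any(tok in cipher.upper() for tok in WEAK_CIPHER_TOKENS):
            findings.append(("High", f"Weak cipher suite offered: {cipher}"))
    return findings

# Constructed probe result (not from a real host) for an offline run
SAMPLE_SUPPORT = {"TLSv1": True, "TLSv1_1": False, "TLSv1_2": True, "TLSv1_3": True}
SAMPLE_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA"]
```

For a live check, `rate_tls(probe_versions(domain), ciphers)` ties the two halves together; with `SAMPLE_SUPPORT` and `SAMPLE_CIPHERS` the rating yields two High findings (TLSv1 accepted, RC4-SHA offered).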