Introducing Private Locations: Securely Scan Your Internal Applications
While public applications often receive focused attention, the reality is that many critical applications operate behind firewalls, VPNs, or in private networks. These internal apps can be just as vulnerable to attacks—but securing them without disrupting your infrastructure can be a challenge.
Today, we’re introducing Private Locations, a new feature in Escape’s API security platform that allows you to discover, fingerprint, and scan your internal applications securely. With this feature, no API, front-end applications, or SPAs—public or private—is left behind in your security strategy.
What are Private Locations?
Private Locations enable seamless and secure security testing of your internal applications without requiring them to be exposed to the Internet. At the heart of this feature is the Escape Repeater, a lightweight tool built in Golang.
The Repeater creates a reverse tunnel between Escape and your internal network, providing a secure and efficient way to perform scans and retrieve actionable insights.
Why it matters - Getting more visibility with Private Locations
Many organizations operate internal applications that are not exposed to the public internet, making them challenging to assess for security vulnerabilities. With private locations, you can also launch scans from inside your network, allowing you to monitor an even wider range of applications:
- Comprehensive Application Coverage: Eliminate security blind spots by extending testing to every API, front-end application, or SPA, regardless of where it resides.
- No Compromise on Security: Test internal applications without exposing them to the internet or making changes to your network architecture.
- Streamlined Operations: Integrate seamlessly into your existing workflows, saving time and reducing operational complexity.
How it works
Private Locations use a straightforward and secure workflow:
- Deploy Locally: You deploy the Escape Repeater in your private network.
- Centralized Management: Escape communicates with the Repeater Manager, which handles requests to your network.
- Secure Forwarding: The local Repeater forwards requests to your internal APIs, and scan results are sent back to Escape for analysis.
- Actionable Results: Escape provides a detailed report with recommendations to fix any vulnerabilities.
Getting Started
Here’s how to get Private Locations up and running:
- Configure your Private Location:
- Head over to the Private Location Configuration page located under Organization -> Network
- Create a new Repeater by assigning the desired name. Keep your
ESCAPE-REPEATER_ID
- Configure Firewall Settings: Allow outgoing traffic to
repeater.escape.techonTCPport443. Need the specific IPs? Runnslookup repeater.escape.techto get the latest ones. - Deploy the Escape Repeater
Use theESCAPE_REPEATER_IDenvironment variable to configure the repeater in your environment. You can deploy it using any of the following methods:
- Docker CLI: Pull the Escape Repeater image and run it using Docker commands.
- Docker Compose: Use a simple YAML file to manage the deployment process.
- Kubernetes: Deploy in your Kubernetes cluster for scalable and integrated management.
More deployment examples are available in the example folder of the GitHub repository. Contributions for additional configurations are welcome.
Connection status updates every minute in the Last seen column.
For more details and step-by-step guidance, check out our Private Locations documentation.
With these new updates, you should be able to set up your internal DAST and API scans with ease. Try it out for yourself, and let us know what you think in our Slack community!