Guardianλ

Inspiration

Guardianλ was inspired by the growing need for secure file and URL analysis in an era where cyber threats are increasingly sophisticated. Traditional security solutions often require persistent infrastructure and can leave traces of potentially malicious content. We wanted to create a solution that leverages the ephemeral nature of serverless computing to provide isolated, secure analysis without maintaining persistent environments that could be compromised.

What it does

Guardianλ is an AWS Lambda-based solution that analyzes files and URLs in ephemeral, isolated environments. It provides:

• Secure file analysis that detects file types, calculates hashes, and identifies potentially malicious content • URL analysis that checks for suspicious patterns, security headers, and potential phishing indicators • Risk assessment scoring to quickly identify potential threats • Detailed reporting with comprehensive findings • A modern, responsive web interface for easy interaction • Complete isolation of analyzed content with no persistent storage

Each analysis runs in a fresh container, ensuring that malicious content cannot persist or affect subsequent analyses.

How we built it

We built Guardianλ using a serverless architecture on AWS:

• Backend: AWS Lambda functions written in Python handle the analysis logic • API Layer: Amazon API Gateway provides secure endpoints for file and URL submissions • Storage: Amazon S3 provides temporary storage for uploaded files • Database: DynamoDB stores analysis results with automatic TTL expiration • Frontend: Modern HTML/CSS/JavaScript web interface hosted on S3 • Infrastructure: Defined using Terraform for infrastructure as code • Deployment: Automated deployment scripts for both manual and CI/CD workflows

The solution uses a modular design that separates the analysis logic from the API handling, making it easy to extend with new analysis capabilities.

Challenges we ran into

During development, we encountered several challenges:

• Lambda Limitations: Working within Lambda's execution time and memory constraints while performing complex analysis • Binary Content Handling: Configuring API Gateway to properly handle binary file uploads • CORS Configuration: Ensuring proper cross-origin resource sharing between the frontend and API • Dependency Management: Packaging external libraries like python-magic for Lambda execution • Security Boundaries: Implementing proper security controls while maintaining usability • Error Handling: Creating graceful error handling across the distributed architecture • Frontend-Backend Integration: Ensuring seamless communication between the web UI and serverless backend

Accomplishments that we're proud of

We're particularly proud of:

• Creating a truly ephemeral analysis environment with no persistent storage of analyzed content • Implementing a comprehensive file analysis system that works across multiple file types • Building a modern, responsive UI that provides clear security insights • Developing a solution that scales automatically with demand • Using infrastructure as code to ensure consistent deployments • Implementing detailed risk scoring and findings to help users understand potential threats • Creating a system that can be easily extended with new analysis capabilities

What we learned

This project taught us valuable lessons about:

• Serverless architecture design and best practices • Security considerations for handling potentially malicious content • API Gateway configuration for binary content • Frontend-backend integration in serverless applications • Infrastructure as code using Terraform • CORS configuration and troubleshooting • Error handling in distributed systems • User experience design for security applications

What's next for Guardianλ

We have several exciting enhancements planned for Guardianλ:

• Enhanced Analysis: Integrate with virus scanning engines like ClamAV • Machine Learning: Add ML-based detection for more sophisticated threats • Threat Intelligence: Connect to threat intelligence feeds for real-time data • User Authentication: Add user accounts and authentication using Amazon Cognito • Analysis History: Implement persistent history of analysis results for registered users • Advanced Reporting: Create more detailed reports with visual representations of findings • API Expansion: Develop additional endpoints for specialized analysis types • Mobile App: Create native mobile applications for on-the-go security analysis • Enterprise Features: Add team collaboration and role-based access control

Built With

• amazon-web-services
• aws-api-gateway
• aws-lambda