November 14, 2023 at 04:51PM
Frontegg has released an open source tool called HARmor that sanitizes HTTP Archive (HAR) files before they are shared. HAR files are commonly used by developers and support teams for debugging, performance analysis, and investigating security problems in web applications, but because a HAR capture records complete requests and responses, including headers, cookies and bodies, it often contains sensitive data and is therefore a valuable target for attackers. HARmor detects and scrubs that data, removes material the investigation does not need, and can encrypt the resulting file. It operates in two modes, Direct Sanitization and Template mode; the latter lets users define their own sanitization rules. Templates can be shared through the HARmor repository, promoting collective security responsibility.
The article covers the release of HARmor, an open source tool developed by Frontegg to sanitize HAR files. HAR files are widely used by developers and support teams for debugging network issues, analyzing website performance, and investigating security vulnerabilities. Since the capture includes everything the browser sent and received, these files can contain session tokens, API keys, and passwords that were never meant to leave the user's machine, which makes them attractive targets for cybercriminals.
The need to protect HAR files became evident when Okta suffered a breach of its customer support system in which threat actors gained access to HAR files that customers had uploaded while troubleshooting, some of which contained valid session tokens. A session token captured in a HAR file is as sensitive as the live session it records until that token expires or is revoked, which is why Okta revoked the affected tokens, reevaluated its handling of HAR files, and advised customers to sanitize credentials and session material before sharing such files. In response to the same risk, Frontegg developed HARmor to clean and sanitize the data within these files before they leave the user's hands.
HARmor offers various cleaning and sanitization capabilities, including the detection and scrubbing of sensitive information such as cookies, passwords, authorization headers, and query parameters. It can also remove JSON body keys, apply sanitization rules selected by URL, and strip JWT signatures, which leaves the token's header and claims readable for debugging while making the token unusable against the issuing server. Additionally, HARmor allows users to encrypt the sanitized HAR file. Encryption protects the archive at rest and in transit, but it is a complement to sanitization rather than a substitute: whoever holds the key still sees whatever was left in the file, and the key has to reach the recipient over a separate channel.
HARmor operates in two modes: Direct Sanitization and Template mode. In Direct Sanitization mode, the tool walks the user through a questionnaire, prompting for each category of data so the user can decide whether it needs to be sanitized. Template mode takes a JSON file in which users define their own standards, so the same sanitization rules are applied consistently every time the tool is run.
Frontegg has chosen to open source HARmor to assist other technical support organizations and developers facing similar risks. Templates created by users can be shared through the HARmor repository, promoting a community-driven approach to collective security responsibility.
Overall, the development of HARmor addresses the critical need to secure HAR files, maintain user trust, and protect sensitive data from potential breaches.