Security knowledge sharing: How to de-risk HAR files with open source and Securely

B_Abrega_ January 16, 2024

The Hidden Risks in HAR Files: Understanding the Technical Vulnerabilities

I know many of you in the Atlassian Community are responsible for protecting the data of your customers and your organizations. As more and more data gets exchanged over the internet, this is only becoming more important. With new vulnerabilities in the news every week, sharing knowledge in the security space helps us all stay aware and protected.

With that in mind, and given that the recent Okta breach was exacerbated by sensitive data contained in HAR files, I wanted to put together a quick guide for the Community. HAR (HTTP Archive) files, commonly used in web development and support, are a perfect illustration of this challenge. These files are comprehensive logs of a web browser's interactions with a site, detailing every request sent and response received. While incredibly useful for troubleshooting and performance analysis, HAR files can also inadvertently become sources of significant security vulnerabilities if not handled with care. In this post, I'll talk a little about why HAR files can pose a security challenge, share a real-life example, and explain a few solutions you can use to mitigate the risk, including open source options.

Sensitive Data Exposure in HAR Files

HAR files can contain a wealth of sensitive information, which, if exposed, could lead to serious security breaches. Here are some specific examples:

  1. Headers: These often include details like Authorization headers, which may contain API keys or bearer tokens. For example, a header like Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... contains a JWT that can be used to authenticate against a service.
  2. Cookies: Cookies are used for maintaining sessions and can contain session IDs or tokens. For instance, a cookie like session_id=3e35a8... could give an attacker access to a user’s session.
  3. Query Parameters: URLs in the HAR file may have query parameters that include sensitive information. For example, a URL like https://example.com/api?token=abcd1234 reveals an API token.
  4. Post Parameters: These are often used to send form data and can include credentials or personal information. A post body like { "username": "user1", "password": "Passw0rd!" } is a direct security risk if exposed.
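As an added example (not har-cleaner's or Securely's code), the following JavaScript scrubs those four fields from a HAR 1.2 object and handles a caveat a cleaner has to cover: a sensitive query parameter lives both in request.queryString and in the raw request.url, so both need redacting. The sample HAR entry and the sensitive-name lists are constructed for this example.

```javascript
// Added example, not har-cleaner's code: scrub the four HAR 1.2 request fields discussed above.
const REDACTED = "[REDACTED]";
const SENSITIVE_HEADERS = new Set(["authorization", "cookie", "set-cookie"]);
const SENSITIVE_PARAMS = new Set(["token", "access_token", "api_key", "password"]);
const hit = (names, n) => names.has(String(n).toLowerCase());
// Copy of a {name, value} list with matching values redacted; with no name set (cookies) every value is redacted.
const redactPairs = (pairs, names) =>
  (pairs || []).map((p) => (!names || hit(names, p.name) ? { ...p, value: REDACTED } : p));
// The URL string duplicates request.queryString, so it must be scrubbed as well.
function scrubUrl(url) {
  const u = new URL(url);
  for (const key of [...u.searchParams.keys()]) if (hit(SENSITIVE_PARAMS, key)) u.searchParams.set(key, REDACTED);
  return u.toString();
}
// Form params are a {name, value} list; a JSON body is redacted key by key.
function scrubPostData(pd) {
  if (!pd) return pd;
  const out = { ...pd, params: redactPairs(pd.params, SENSITIVE_PARAMS) };
  if (typeof pd.text === "string" && /json/i.test(pd.mimeType || "")) {
    try {
      const body = JSON.parse(pd.text);
      for (const k of Object.keys(body)) if (hit(SENSITIVE_PARAMS, k)) body[k] = REDACTED;
      out.text = JSON.stringify(body);
    } catch { out.text = REDACTED; } // unparseable body: drop it rather than risk leaking it
  }
  return out;
}
// Returns a new HAR object and leaves the input untouched.
function scrubHar(har) {
  const entries = har.log.entries.map((e) => ({
    ...e,
    request: { ...e.request, url: scrubUrl(e.request.url),
      headers: redactPairs(e.request.headers, SENSITIVE_HEADERS),
      cookies: redactPairs(e.request.cookies),
      queryString: redactPairs(e.request.queryString, SENSITIVE_PARAMS),
      postData: scrubPostData(e.request.postData) },
    response: { ...e.response, headers: redactPairs(e.response.headers, SENSITIVE_HEADERS), cookies: redactPairs(e.response.cookies) },
  }));
  return { ...har, log: { ...har.log, entries } };
}

// Constructed sample entry (not a real capture) mirroring the post's four examples.
const SAMPLE_HAR = { log: { version: "1.2", entries: [{
  request: { method: "POST", url: "https://example.com/api?token=abcd1234&page=2",
    headers: [{ name: "Authorization", value: "Bearer eyJhbGciOiJIUzI1NiJ9.constructed" }],
    cookies: [{ name: "session_id", value: "3e35a8constructed" }],
    queryString: [{ name: "token", value: "abcd1234" }, { name: "page", value: "2" }],
    postData: { mimeType: "application/json", text: '{"username":"user1","password":"Passw0rd!"}' } },
  response: { status: 200, headers: [{ name: "Set-Cookie", value: "session_id=3e35a8; HttpOnly" }] },
}] } };
```

Calling scrubHar(SAMPLE_HAR) leaves the non-sensitive page parameter and username intact while redacting the bearer token, cookie, token parameter (in both places) and password, which is the kind of fine-grained control the testimonials below refer to.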

The Okta Breach: A Case Study

The Okta breach is a prime example of how overlooking these risks can lead to widespread security incidents. Attackers accessed unprotected HAR files containing sensitive headers and cookies, which enabled them to compromise user accounts and infiltrate further into Okta’s systems. This breach not only caused immediate harm but also impacted the trust in Okta’s services, affecting their customers and partners.

Compounding Risks with New SEC Rules

The new SEC data breach disclosure rules add another layer of urgency to this issue. With the requirement for publicly owned companies in the U.S. to report significant cyber incidents within 96 hours, the pressure to ensure robust data protection is higher than ever. Failing to properly sanitize HAR files not only poses a security risk but also could lead to regulatory non-compliance and reputational damage. 

In light of these technical risks, the importance of tools like har-cleaner and Securely becomes evident. They serve as critical components in a company’s arsenal to protect against data breaches and maintain compliance with evolving regulatory standards.

Open Source to the Rescue: Introducing har-cleaner

Addressing these risks head-on, we are proud to announce that we have open-sourced the underlying HAR cleaning library, har-cleaner. This tool is a testament to our commitment to community-driven security enhancements. By leveraging har-cleaner, developers and companies can integrate robust data sanitization into their products, ensuring that sensitive information in HAR files is identified and scrubbed clean.

Securely: Integrating har-cleaner in the JIRA Ecosystem

Building upon this, we've integrated har-cleaner into our Securely app, offering an out-of-the-box solution for Jira and Jira Service Management users. Securely, now with the new Jira Service Management customer portal and in-browser scrubbing functionality, provides a seamless and secure way to handle HAR files.

Securely’s infrastructure runs on Atlassian Forge, ensuring that data processing stays within Atlassian systems for enhanced security. The app automatically scans and sanitizes HAR files attached to Jira, with options for more aggressive data deletion policies if needed.

User Testimonials: Hear from Our Community

We love helping our users enhance their data protection best practices and hearing their stories. We're part of a growing movement of individuals and organizations who are dedicated to data protection at the highest standard:

This is a good way for us to keep requesting .har files from our customers in good conscience, while ensuring there is no sensitive content in them. Appreciate that this is a Forge app with no egress; that helps us with our ISO certification.

  • Tobias Viehweger - Co-Founder & Head of Engineering @ yasoon

I really like that there is basically no room for human error during the HAR upload. Every HAR file is cleaned without exception, which is what you want.

  • Adam Ahmed - Co-Founder / CTO @ Released

The vendor has even gone above and beyond by implementing fine-grained controls over what is removed and what is kept to minimize the impact on the usefulness for support that these files have. And all of this for free and with zero data sent outside of Atlassian! I would give more stars if I could and you should probably be using this app today.

  • Tobias Theobald - Software Developer at re:Solution

We would appreciate you sharing your experience with our apps as well.

Your Role in Shaping a Secure Future

We believe in the power of collaboration and community feedback in evolving Securely into a robust tool for data protection. Your experiences, insights, and suggestions are invaluable in strengthening our defenses against data breaches.

  • Security and Bugs: Your reports on vulnerabilities or improvement suggestions are crucial.
  • Feature Suggestions: We welcome ideas for new features that enhance our security capabilities.
  • Documentation Feedback: Help us refine our documentation for better user guidance.
  • Customer Stories: Share how Securely has bolstered your data protection efforts.

We invite you to explore Securely's capabilities and contribute to a future where customer trust and data privacy are protected. Every install, rating, and comment fuels our journey towards this goal.

To a secure and trusted future,
Boris

Dave Rosenlund _Trundl_
Community Leader
January 16, 2024

What a great idea, @B_Abrega_ (aka Boris)! 
