Frontegg Creates Open Source Project HARmor to Enable Safe Use and Sharing of HAR Files
MOUNTAIN VIEW, Calif., Nov. 14, 2023 (GLOBE NEWSWIRE) -- Frontegg, the premier customer identity and access management platform for modern SaaS apps, is releasing HARmor, an open source tool to sanitize HTTP-Archive files. Available now to all developers on GitHub, HARmor enables safe handling and sharing of HAR files. Easy to install and run, HARmor can, in a few seconds, prevent major security breaches for organizations.
“Open-source HARmor is Frontegg’s contribution to overall security posture and customer safety for the entire software industry,” said Aviad Mizrachi, CTO, Frontegg. “Tokens in HAR files have been used to attack a major software vendor’s customers. We see customer support organizations at particular risk. Tokens are potent weapons, if leaked or accessed through social engineering, for example. We decided to provide a robust, universally applicable solution immediately to prevent widespread damage to customers and their trust in their software providers.”
HARmor allows users to clean and sanitize data from their HAR files selectively. They can also interact in real time with the data they are cleaning. This level of user control is a first in HAR file management. Key HARmor functions:
HAR files are actively targeted in breaches
Recently, a global software vendor announced that for 19 days (beginning on September 28th), a threat actor gained unauthorized access to files inside the vendor’s customer support system. These included HAR files that contained session tokens, which the attacker used to hijack legitimate user sessions of several customers.
HAR files are critical for support teams working to debug and troubleshoot customer issues, but they can open vulnerabilities in system security that threat actors actively seek to exploit. The potentially grave consequences for business reputation and customer trust are of great concern to technical support organizations and the customers who depend on them.
“It’s our role and responsibility to protect the software industry and all its customers when we have the expertise to do so,” said Amir Jaron, VP R&D, Frontegg. “From first learning of the exploits against a major software provider, which leveraged HAR tokens and impacted numerous of their customers, it was just a few days to Frontegg’s release of HARmor, as a result of intensive effort to provide an immediate solution for millions who use technical support sessions.”
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/0105a9b8-2540-438e-96f8-1dd21cc0b915