Frontegg Creates Open Source Project HARmor to Enable Safe Use and Sharing of HAR Files

Frontegg's free OSS project sanitizes HAR files (browser session interaction logs) to safeguard users and organizations from HAR file vulnerability exploits



MOUNTAIN VIEW, Calif., Nov. 14, 2023 (GLOBE NEWSWIRE) -- Frontegg, the premier customer identity and access management platform for modern SaaS apps, is releasing HARmor, an open source tool to sanitize HTTP Archive (HAR) files. Available now to all developers on GitHub, HARmor enables safe handling and sharing of HAR files. Easy to install and run, HARmor sanitizes a HAR file in seconds, removing the session tokens and credentials whose exposure has led to major security breaches.

“Open-source HARmor is Frontegg’s contribution to overall security posture and customer safety for the entire software industry,” said Aviad Mizrachi, CTO, Frontegg. “Tokens in HAR files have been used to attack a major software vendor’s customers. We see customer support organizations at particular risk. Tokens are potent weapons, if leaked or accessed through social engineering, for example. We decided to provide a robust, universally applicable solution immediately to prevent widespread damage to customers and their trust in their software providers.”

HARmor allows users to clean and sanitize data from their HAR files selectively. They can also interact in real time with the data they are cleaning. This level of user control is a first in HAR file management. Key HARmor functions:

  • Sanitization: HARmor can detect and scrub sensitive information, from cookies and passwords to authorization headers and query parameters, as well as JSON body keys. HARmor also sanitizes based on URLs, and removes JWT signatures, which leaves a token's header and payload readable for debugging while making it unusable for authentication.
  • Cleaning: HARmor removes unnecessary data bloat, reducing the risk of accidental data exposure.
  • Encryption: HARmor ensures that the sanitized HAR files are encrypted, thereby adding a layer of security in the event of unintended dissemination.
  • No Global Installation Needed: Use HARmor directly with npx, anywhere you need it.

HARmor can be used in either Direct Sanitization or Template mode. Direct mode guides users along an interactive journey through a structured questionnaire, to ensure each data point is reviewed and sanitized as necessary. In Template mode, users can create and share customized templates to enhance workflow. This also lets companies define their own standards of cleaning HAR files for consistent security — especially valuable to those with unique cookies, headers, or sensitive data patterns specific to their business.
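The following is an added illustration of the sanitization steps listed above and of a template-style rule set; it is not HARmor's code and does not use HARmor's template format. The rule-set shape, the REDACTED placeholder, the helper names and the sample capture are all constructed for this example. It covers the HAR fields that carry credentials (request and response headers, cookies, the URL query string, JSON bodies) and strips JWT signatures the way the feature list describes.

```javascript
// Added example (not HARmor's code): a minimal HAR sanitizer driven by a
// hypothetical rule set standing in for a HARmor template.
const REDACTED = "REDACTED";
// Three dot-separated base64url segments: the shape of a compact JWS/JWT.
const JWT_RE = /[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g;

const DEFAULT_RULES = {
  headers: ["authorization", "cookie", "set-cookie", "x-api-key"], // matched case-insensitively
  redactAllCookies: true,
  queryParams: ["code", "token", "access_token", "state"],
  jsonBodyKeys: ["password", "access_token", "refresh_token", "id_token"],
  stripJwtSignatures: true,
};

// Keep header.payload (still decodable for debugging) but replace the signature,
// so the token can no longer be presented to the issuer.
function stripJwtSignatures(text) {
  return text.replace(JWT_RE, (jwt) => jwt.split(".").slice(0, 2).join(".") + "." + REDACTED);
}

function redactHeaders(headers, names) {
  return headers.map((h) => (names.includes(h.name.toLowerCase()) ? { ...h, value: REDACTED } : h));
}

// request.queryString and request/response.cookies are {name, value} arrays;
// names === true means "redact every entry".
function redactNamed(list, names) {
  return list.map((p) => (names === true || names.includes(p.name) ? { ...p, value: REDACTED } : p));
}

function redactUrlQuery(url, params) {
  let u;
  try { u = new URL(url); } catch { return url; } // relative or malformed URL: leave untouched
  for (const p of params) if (u.searchParams.has(p)) u.searchParams.set(p, REDACTED);
  return u.toString();
}

// Recursively replace the values of sensitive keys anywhere in a JSON document.
function redactJsonKeys(value, keys) {
  if (Array.isArray(value)) return value.map((v) => redactJsonKeys(v, keys));
  if (value !== null && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) =>
      [k, keys.includes(k.toLowerCase()) ? REDACTED : redactJsonKeys(v, keys)]));
  }
  return value;
}

function sanitizeBodyText(text, mimeType, rules) {
  if (typeof text !== "string") return text;
  let out = text;
  if (/json/i.test(mimeType || "")) {
    try { out = JSON.stringify(redactJsonKeys(JSON.parse(text), rules.jsonBodyKeys)); }
    catch { /* body claims JSON but is not: fall through to pattern scrubbing */ }
  }
  return rules.stripJwtSignatures ? stripJwtSignatures(out) : out;
}

function sanitizeEntry(entry, rules) {
  const req = entry.request || {};
  const res = entry.response || {};
  const cookieNames = rules.redactAllCookies ? true : [];
  const request = {
    ...req,
    url: redactUrlQuery(req.url || "", rules.queryParams),
    headers: redactHeaders(req.headers || [], rules.headers),
    cookies: redactNamed(req.cookies || [], cookieNames),
    queryString: redactNamed(req.queryString || [], rules.queryParams),
  };
  if (req.postData) {
    request.postData = { ...req.postData, text: sanitizeBodyText(req.postData.text, req.postData.mimeType, rules) };
  }
  const response = {
    ...res,
    headers: redactHeaders(res.headers || [], rules.headers),
    cookies: redactNamed(res.cookies || [], cookieNames),
  };
  if (res.content) {
    response.content = { ...res.content, text: sanitizeBodyText(res.content.text, res.content.mimeType, rules) };
  }
  return { ...entry, request, response };
}

function sanitizeHar(har, rules = DEFAULT_RULES) {
  const log = har.log || {};
  return { ...har, log: { ...log, entries: (log.entries || []).map((e) => sanitizeEntry(e, rules)) } };
}

// Pre-share check: count intact JWTs anywhere in the serialized file.
function countIntactJwts(har) {
  return (JSON.stringify(har).match(JWT_RE) || []).length;
}

// Constructed sample (not a real capture): a login flow leaking a session cookie,
// a bearer JWT, an OAuth code in the URL and a password in the POST body.
const SAMPLE_JWT = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTEyMyIsImV4cCI6MTcwMDAwMDAwMH0.c2lnbmF0dXJlLWJ5dGVzLWdvLWhlcmUtMTIzNDU2Nzg5";
const SAMPLE_HAR = { log: { version: "1.2", creator: { name: "constructed", version: "0" }, entries: [{
  request: {
    method: "POST", url: "https://app.example.com/login?redirect=%2Fhome&code=oauth-code-123",
    headers: [{ name: "Cookie", value: "session=abc123" }, { name: "Authorization", value: `Bearer ${SAMPLE_JWT}` },
              { name: "Content-Type", value: "application/json" }],
    cookies: [{ name: "session", value: "abc123" }],
    queryString: [{ name: "redirect", value: "/home" }, { name: "code", value: "oauth-code-123" }],
    postData: { mimeType: "application/json", text: JSON.stringify({ email: "a@example.com", password: "hunter2" }) },
  },
  response: {
    status: 200, headers: [{ name: "Set-Cookie", value: "session=def456; HttpOnly" }],
    cookies: [{ name: "session", value: "def456" }],
    content: { mimeType: "application/json", text: JSON.stringify({ ok: true, id: "user-123", session_jwt: SAMPLE_JWT }) },
  },
}] } };

console.log(`intact JWTs before: ${countIntactJwts(SAMPLE_HAR)}, after: ${countIntactJwts(sanitizeHar(SAMPLE_HAR))}`);
```

Run it with node. The input is never mutated, so the original capture can be kept for the engineer while only the sanitized copy is attached to a ticket. The closing JWT count is the kind of verification worth applying to any HAR file before it leaves the machine, whatever tool produced it: a token that survives in a field no rule covered (here, a JSON key not on the list) is still caught by the pattern pass, and anything that is still intact should block the upload.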

HAR files are actively targeted in breaches

Recently, a global software vendor announced that for 19 days, beginning September 28, a threat actor had unauthorized access to files inside the vendor's customer support system. These included HAR files that contained session tokens, which the attacker used to hijack the legitimate sessions of several of the vendor's customers.

HAR files are critical for support teams debugging and troubleshooting customer issues, but because they record complete requests and responses, including cookies, session tokens and authorization headers, an unsanitized HAR file is a credential leak that threat actors actively seek out. The grave consequences for business reputation and customer trust are of great concern to technical support organizations and to the customers who depend on them.

“It’s our role and responsibility to protect the software industry and all its customers when we have the expertise to do so,” said Amir Jaron, VP R&D, Frontegg. “From first learning of the exploits against a major software provider, which leveraged HAR tokens and impacted many of their customers, it was just a few days to Frontegg’s release of HARmor, as a result of intensive effort to provide an immediate solution for millions who use technical support sessions.”

For usage examples and a deeper dive into HARmor’s capabilities, please visit the GitHub repository (frontegg/harmor) or the harmor.dev website.

About Frontegg
Frontegg empowers modern SaaS companies to elevate customer identity management as a strategic business driver, enhancing both security and user experience. As one of the top-ranked CIAM platforms, recognized by G2 Crowd, Frontegg offers a comprehensive suite of identity management functionalities. From seamless onboarding flows and advanced user entitlements to robust authorization, role management, account security measures, and multi-tenancy support, Frontegg equips SaaS companies with all the essential tools for customer identity. By implementing Frontegg, businesses can shift their identity management processes left, enabling customers to design and customize their own experiences effortlessly, without the need for additional code or engineering resources. Founded in 2019 by CEO Sagi Rodin and CTO Aviad Mizrachi, Frontegg has secured $70 million in funding from Stripes, Insight Partners, and Pitango. Today, it serves as the trusted identity and user management infrastructure for leading SaaS companies worldwide, spanning from high-growth startups to Fortune 500 enterprises.

Media Contact:
BOCA Communications
Frontegg@bocacommunications.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/0105a9b8-2540-438e-96f8-1dd21cc0b915