Skip to content

Latest commit

 

History

History
64 lines (55 loc) · 5.73 KB

attack-surface.md

File metadata and controls

64 lines (55 loc) · 5.73 KB

Attack Surface Analysis for airbnb/okreplay

Attack Surface: 1. Sensitive Data Exposure in Tapes

  • Description: Accidental recording and storage of sensitive information within the HTTP interaction "tapes."
  • How OkReplay Contributes: OkReplay's core function is to record all aspects of HTTP requests and responses, making it highly likely to capture sensitive data if not carefully configured.
  • Example: An API request includes an Authorization: Bearer <JWT> header containing a user's session token. This token is recorded verbatim in the tape.
  • Impact: Exposure of credentials, PII, internal system details, or proprietary data, leading to unauthorized access, data breaches, and reputational damage.
  • Risk Severity: Critical
  • Mitigation Strategies:
    • Comprehensive Scrubbing: Implement custom, application-specific filters before saving tapes. Use a combination of:
      • Regex-based filtering for known sensitive data patterns (API keys, credit card numbers, etc.).
      • Header whitelisting/blacklisting – only record essential headers.
      • Body filtering based on content type (JSON, XML) – remove sensitive fields.
      • URL parameter filtering.
    • Tape Encryption: Encrypt tapes at rest and in transit using strong encryption algorithms.
    • Strict Access Control: Implement strict access controls on tape storage locations (e.g., local filesystem, cloud storage). Only authorized personnel should have access.
    • Short Tape Lifespan: Automatically delete tapes as soon as they are no longer needed.
    • Tape Review Process: Implement a manual review process (or automated scanning) to identify and remove any missed sensitive data.
    • Never Record Production Traffic: Strictly limit recording to non-production environments.
    • Don't commit tapes to version control: Add tape storage location to .gitignore or equivalent.

Attack Surface: 2. Malicious Tape Modification (Replay Attacks)

  • Description: An attacker gains access to the stored tapes and modifies them to inject malicious requests or alter existing ones.
  • How OkReplay Contributes: OkReplay replays the recorded interactions, so any modifications to the tapes will be executed during testing.
  • Example: An attacker modifies a tape to include a cross-site scripting (XSS) payload in a request parameter that was originally benign.
  • Impact: Successful exploitation of vulnerabilities in the application during testing, potentially leading to data breaches, code execution, or denial of service. This could also be used to bypass security controls in the test environment.
  • Risk Severity: High
  • Mitigation Strategies:
    • Tape Integrity Verification:
      • Calculate and store hashes (e.g., SHA-256) of tapes separately. Verify hashes before replay.
      • Digitally sign tapes and verify signatures before replay.
    • Read-Only Tapes: Configure OkReplay to use tapes in read-only mode whenever possible.
    • Secure Tape Storage: Store tapes in a secure location with strict access controls, preventing unauthorized modification.
    • Version Control (with Access Control): Use a version control system (e.g., Git) with strong access controls to track changes to tapes and prevent unauthorized commits.
    • Input Validation (Always): The application must have robust input validation and security controls, even during testing with OkReplay. Do not rely on OkReplay for security.

Attack Surface: 3. Dependency Vulnerabilities

  • Description: Vulnerabilities in OkReplay itself or its dependencies.
  • How OkReplay Contributes: OkReplay, like any software, can have vulnerabilities, and it also relies on external libraries.
  • Example: A vulnerability in a library used by OkReplay for parsing HTTP requests could allow for remote code execution.
  • Impact: Remote code execution, information disclosure, or other exploits, depending on the specific vulnerability.
  • Risk Severity: High
  • Mitigation Strategies:
    • Keep Updated: Regularly update OkReplay and all its dependencies to the latest versions.
    • Vulnerability Scanning: Use software composition analysis (SCA) tools to scan for known vulnerabilities in OkReplay and its dependencies.
    • Dependency Auditing: Regularly audit the dependency tree to identify and assess potential risks.
    • Monitor Security Advisories: Stay informed about security advisories related to OkReplay and its dependencies.

Attack Surface: 4. Insecure Defaults

  • Description: OkReplay may use insecure default configurations if not explicitly configured.
    • How OkReplay Contributes: Default settings might not be secure for all use cases.
    • Example: Default tape storage location might be world-readable.
    • Impact: Sensitive data exposure, replay attacks, or other vulnerabilities.
    • Risk Severity: High
    • Mitigation Strategies:
      • Explicit Configuration: Explicitly configure all relevant OkReplay settings, rather than relying on defaults.
      • Review Documentation: Thoroughly review the OkReplay documentation to understand the default settings and their security implications.
      • Principle of Least Privilege: Configure OkReplay with the minimum necessary permissions and access.
      • Secure Storage: Ensure the default tape storage location is secure and not accessible to unauthorized users.