After Okta was breached for 3 weeks - attackers accessing HAR files with sensitive session info - Okta’s response: “Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.” Cloudflare just built & released such a tool.
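The sanitization Okta recommends, as an added example (this is not Cloudflare’s released tool or any Okta code): a small Python script that walks a HAR file (JSON, HAR 1.2 layout) and redacts credential-bearing headers, parsed cookie values, token-like query-string and form parameters, and the same parameters embedded in the request URL, then reports how many fields it touched. The lists of header and parameter names it treats as sensitive, and the sample HAR it runs on, are assumptions constructed for the example.

```python
"""HAR sanitizer: redact credentials, cookies and session tokens before a
HAR capture is shared for support or debugging.
Added example, not Cloudflare's or Okta's code. The name lists below are
assumptions about where secrets usually land in a HAR."""
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"

# Header names that commonly carry credentials (matched case-insensitively). Assumed list.
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie",
    "x-api-key", "x-auth-token", "x-csrf-token",
}

# Query-string / form-parameter names that commonly carry tokens. Assumed list.
SENSITIVE_PARAMS = {
    "password", "token", "access_token", "id_token", "refresh_token",
    "client_secret", "session", "sessionid", "code",
}


def _redact_named(items, names, counter):
    """Redact the 'value' of every {name, value} item whose name is in `names`."""
    for item in items:
        if item.get("name", "").lower() in names and "value" in item:
            item["value"] = REDACTED
            counter[0] += 1


def _redact_url(url, names, counter):
    """Redact sensitive query parameters that are embedded in the URL itself."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    cleaned = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in names:
            value = REDACTED
            counter[0] += 1
        cleaned.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def sanitize_har(har):
    """Return (sanitized deep copy, number of fields redacted). Input is left untouched."""
    out = copy.deepcopy(har)
    count = [0]
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side) or {}
            _redact_named(msg.get("headers", []), SENSITIVE_HEADERS, count)
            # HAR lists parsed cookies separately from the Cookie/Set-Cookie headers;
            # every cookie value is treated as a potential session token.
            for cookie in msg.get("cookies", []):
                if "value" in cookie:
                    cookie["value"] = REDACTED
                    count[0] += 1
        req = entry.get("request") or {}
        _redact_named(req.get("queryString", []), SENSITIVE_PARAMS, count)
        if "url" in req:
            req["url"] = _redact_url(req["url"], SENSITIVE_PARAMS, count)
        post = req.get("postData") or {}
        _redact_named(post.get("params", []), SENSITIVE_PARAMS, count)
        # Raw body text may embed a token in JSON or form encoding; conservatively
        # drop the whole body if any sensitive parameter name appears in it.
        if "text" in post and any(p in post["text"].lower() for p in SENSITIVE_PARAMS):
            post["text"] = REDACTED
            count[0] += 1
    return out, count[0]


def still_contains(har, *needles):
    """True if any of the given secret strings survive anywhere in the serialized HAR."""
    text = json.dumps(har)
    return any(n in text for n in needles)


# Constructed sample capture (not a real HAR): a bearer token, a session cookie and a
# token in the query string, plus a Set-Cookie issued by the response.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [{
            "request": {
                "method": "GET",
                "url": "https://example.test/api/me?access_token=abc123",
                "headers": [
                    {"name": "Authorization", "value": "Bearer abc123"},
                    {"name": "Cookie", "value": "sid=sessionvalue; theme=dark"},
                    {"name": "Accept", "value": "application/json"},
                ],
                "queryString": [{"name": "access_token", "value": "abc123"}],
                "cookies": [{"name": "sid", "value": "sessionvalue"},
                            {"name": "theme", "value": "dark"}],
            },
            "response": {
                "status": 200,
                "headers": [{"name": "Set-Cookie", "value": "sid=newvalue; HttpOnly"}],
                "cookies": [{"name": "sid", "value": "newvalue"}],
            },
        }],
    }
}

if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} fields")
    print(json.dumps(clean, indent=2))
```

Run it against a real capture by loading the file with `json.load`, passing the result to `sanitize_har`, and writing the returned copy back out; `still_contains` is a cheap final check that a known token value did not survive in some field the name lists missed (a raw body, a custom header), which is the usual way a sanitizer like this fails.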
Savage:
Ending up in Cloudflare’s security blog is my worst professional nightmare. “Here’s a riveting breakdown of all the mistakes these folks made, let’s pore over them in detail!” Kill me now!
Cloudflare is basically positioning itself as Okta’s missing security team. Last week, they gave Okta advice on what basic security practices to follow. This week, they built the HAR filter Okta should have had in place.